23542300x80000000000000001694339Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:47.379{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7C6787872C503144EE9170585B8B1AB3,SHA256=C1720A22088A355989FF71DF1F3AE1FEB20A6B34BDBF151F0E482B196D10CDF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001694341Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:48.952{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1DAF9D72EE151E33FDD78CB926BE285E,SHA256=68AC39A67D48AB72E35B387F6EDC36DF07F7517638E7E7490ACD4B193C56228B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001694340Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:48.444{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C3D042B5F6BFC3D207002D717ABB2BDB,SHA256=206F13B2C729FAC77AFBA0A651F9198F6F7A26AB46B67606F23A2BC1EB5AC391,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001694345Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:41.424{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55106-false10.0.1.12-8000- 354300x80000000000000001694344Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:41.302{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-62700-true2001:500:200:0:0:0:0:bb.root-servers.net53domain 354300x80000000000000001694343Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:41.299{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local65336- 23542300x80000000000000001694342Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:49.488{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DF259BAAF4EDD250B18A5A04943FED3,SHA256=09C63CCBB86E0ADDBD2B78E2F22194439273E2AAAB83A2CBDD957CBF1131D2BA,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001694348Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:42.330{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1win-dc-974.attackrange.local53domainfalse127.0.0.1win-dc-974.attackrange.local65336- 23542300x80000000000000001694347Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:50.504{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56DC7DA8F1D2AF9A1AFA551344F47C5B,SHA256=109AD84A61C4DF7F6181BB3A1E1602B980339AE02A8FC3A90CD73047AE1CE8D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001694346Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:50.020{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=102B918C5579C01D74C6D7965044469C,SHA256=F191B8567BE51EF93DFBE307BA6FC85B6D136146D432E2A3567482835728CEC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001694350Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:51.707{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D2B777C83804246A7A5873FF0B7EE5B3,SHA256=92F8477847F9FABCDF64E712D775B28AA9AB2A170E968ED33F52483FC7DF6794,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001694349Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:51.504{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C0E371484470C86F07C14DD0B0E7001,SHA256=A068F60A7F29BC2822848E54B1384A9148F1E9AA6FDD862BC4CC455A4EC46DA0,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001694352Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:44.533{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local51672- 23542300x80000000000000001694351Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:52.535{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC7EFA437FC1CC221828B9F4FCE9604E,SHA256=81A69A45D701B57F64BC816DA41ADB7AB398D54507B8FD978CEE57CCBA79CF7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001694355Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:53.552{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9D1173350180840181A3F75818DF672,SHA256=0CA6053DB37D716735B7367D8D798E754E7EE5739631C008E9F8FED330B3091B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001694354Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:53.473{05ADC7E1-229F-6039-1100-00000000AD01}1152NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=C1D3CDF04D1DAE8057A6837EBB6B1F81,SHA256=1BB6F95770B1B2CA6973F70DECB82205647D0B2B4F7EE383BFDF9FC898F9F41E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001694353Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:53.207{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1D1F048456517BAE03DAC2CDD69F827D,SHA256=B47C83809081672980412842440314ADDCE830A3123C17F58C4504EF8DD6E929,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001694357Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:54.567{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE64F6A1AC28F2008A3AEE56AD3B37EF,SHA256=9F1F17DBBD0C0FCFCC53EDD91B6D152DA838FF0EC7D0812BCB4F92413D2DB6B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001694356Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:54.098{05ADC7E1-7946-6039-1610-00000000AD01}3144ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\9unhrnfd.default-release\datareporting\aborted-session-pingMD5=932D512FA9606ADCEED75A436F5C4FD5,SHA256=A625ECB3833F00B4DDC6401A4350822F2AA4A2D26961B327F0647ACE2BD12114,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001694424Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.988{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F1D209631CE576C5BC1267CDABC0DC9E,SHA256=FEBA6BA021E449C473FA0040F89E258D7F91997DF3DF21BA9D9EF4916835F168,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001694423Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.950{05ADC7E1-229F-6039-1600-00000000AD01}15407628C:\Windows\system32\svchost.exe{05ADC7E1-7047-603D-4088-00000000AD01}8352C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694422Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.950{05ADC7E1-229F-6039-1600-00000000AD01}15401572C:\Windows\system32\svchost.exe{05ADC7E1-7047-603D-4088-00000000AD01}8352C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694421Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.943{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-7047-603D-4088-00000000AD01}8352C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694420Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.926{05ADC7E1-29F0-6039-C005-00000000AD01}49441064C:\Windows\system32\csrss.exe{05ADC7E1-7047-603D-4088-00000000AD01}8352C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001694419Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.926{05ADC7E1-229D-6039-0500-00000000AD01}636752C:\Windows\system32\csrss.exe{05ADC7E1-7047-603D-4088-00000000AD01}8352C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001694418Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.926{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-7047-603D-4088-00000000AD01}8352C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694417Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.910{05ADC7E1-229F-6039-1600-00000000AD01}15407628C:\Windows\system32\svchost.exe{05ADC7E1-7047-603D-3F88-00000000AD01}5636C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694416Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.910{05ADC7E1-229F-6039-1600-00000000AD01}15401572C:\Windows\system32\svchost.exe{05ADC7E1-7047-603D-3F88-00000000AD01}5636C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694415Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.910{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-7047-603D-3F88-00000000AD01}5636C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694414Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.895{05ADC7E1-29F0-6039-C005-00000000AD01}49441064C:\Windows\system32\csrss.exe{05ADC7E1-7047-603D-3F88-00000000AD01}5636C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001694413Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.895{05ADC7E1-229D-6039-0500-00000000AD01}636652C:\Windows\system32\csrss.exe{05ADC7E1-7047-603D-3F88-00000000AD01}5636C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001694412Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.895{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-7047-603D-3F88-00000000AD01}5636C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35af2|c:\windows\system32\rpcss.dll+3c90d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694411Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.879{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694410Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.879{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694409Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.879{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968500C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694408Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.879{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968500C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694407Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.863{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968020C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+aecdf|C:\Windows\System32\SHELL32.dll+b0aa5|C:\Windows\explorer.exe+3c618|C:\Windows\explorer.exe+3c4a4|C:\Windows\explorer.exe+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694406Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.863{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968020C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b09be|C:\Windows\explorer.exe+3c618|C:\Windows\explorer.exe+3c4a4|C:\Windows\explorer.exe+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694405Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.863{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968020C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+aef34|C:\Windows\System32\SHELL32.dll+b0987|C:\Windows\explorer.exe+3c618|C:\Windows\explorer.exe+3c4a4|C:\Windows\explorer.exe+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694404Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.852{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694403Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.852{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694402Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.852{05ADC7E1-1E7A-603D-D07D-00000000AD01}57961296C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+27e9|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x80000000000000001694401Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.852{05ADC7E1-1E7A-603D-D07D-00000000AD01}57961296C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+27e9|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x80000000000000001694400Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.852{05ADC7E1-22AF-6039-2700-00000000AD01}27765668C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\tileobjserver.dll+bce2|c:\windows\system32\tileobjserver.dll+26da2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+27e9|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001694399Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.852{05ADC7E1-22AF-6039-2700-00000000AD01}27765668C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|c:\windows\system32\tileobjserver.dll+bc8f|c:\windows\system32\tileobjserver.dll+26da2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+27e9|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a 10341000x80000000000000001694398Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.851{05ADC7E1-229F-6039-0D00-00000000AD01}6205508C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694397Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.851{05ADC7E1-229F-6039-0D00-00000000AD01}6205508C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694396Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.850{05ADC7E1-229F-6039-0D00-00000000AD01}6204132C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694395Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.850{05ADC7E1-229F-6039-0D00-00000000AD01}6204132C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694394Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.850{05ADC7E1-229F-6039-0D00-00000000AD01}6204132C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694393Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.850{05ADC7E1-229F-6039-0D00-00000000AD01}6204132C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694392Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.850{05ADC7E1-229F-6039-0D00-00000000AD01}6205508C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694391Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.850{05ADC7E1-229F-6039-0D00-00000000AD01}6205508C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694390Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.850{05ADC7E1-229F-6039-0D00-00000000AD01}6204132C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694389Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.850{05ADC7E1-229F-6039-0D00-00000000AD01}6204132C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694388Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.850{05ADC7E1-229F-6039-0D00-00000000AD01}6205508C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694387Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.850{05ADC7E1-229F-6039-0D00-00000000AD01}6205508C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694386Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.849{05ADC7E1-229F-6039-0D00-00000000AD01}6205508C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694385Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.849{05ADC7E1-229F-6039-0D00-00000000AD01}6205508C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694384Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.849{05ADC7E1-229F-6039-0D00-00000000AD01}6205508C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694383Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.849{05ADC7E1-229F-6039-0D00-00000000AD01}6205508C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694382Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.849{05ADC7E1-229F-6039-0D00-00000000AD01}6205508C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694381Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.849{05ADC7E1-229F-6039-0D00-00000000AD01}6205508C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694380Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.849{05ADC7E1-229F-6039-0C00-00000000AD01}5887876C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a344|C:\Windows\SYSTEM32\psmserviceexthost.dll+11025|C:\Windows\SYSTEM32\psmserviceexthost.dll+1089f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694379Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.848{05ADC7E1-229F-6039-0C00-00000000AD01}5887876C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ad|C:\Windows\SYSTEM32\psmserviceexthost.dll+11025|C:\Windows\SYSTEM32\psmserviceexthost.dll+1089f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694378Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.848{05ADC7E1-229F-6039-0C00-00000000AD01}5887876C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ad|C:\Windows\SYSTEM32\psmserviceexthost.dll+11025|C:\Windows\SYSTEM32\psmserviceexthost.dll+1089f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694377Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.848{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f9e|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001694376Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.848{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001694375Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.848{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001694374Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.848{05ADC7E1-229F-6039-0C00-00000000AD01}5887876C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a344|C:\Windows\SYSTEM32\psmserviceexthost.dll+11025|C:\Windows\SYSTEM32\psmserviceexthost.dll+1089f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694373Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.848{05ADC7E1-229F-6039-0C00-00000000AD01}5887876C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ad|C:\Windows\SYSTEM32\psmserviceexthost.dll+11025|C:\Windows\SYSTEM32\psmserviceexthost.dll+1089f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694372Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.832{05ADC7E1-229F-6039-0C00-00000000AD01}5887876C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ad|C:\Windows\SYSTEM32\psmserviceexthost.dll+11025|C:\Windows\SYSTEM32\psmserviceexthost.dll+1089f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694371Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.832{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f9e|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001694370Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.832{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001694369Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.832{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001694368Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.832{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12111|C:\Windows\SYSTEM32\psmserviceexthost.dll+170a8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694367Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.832{05ADC7E1-1E7A-603D-D07D-00000000AD01}57965212C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694366Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.832{05ADC7E1-1E7A-603D-D07D-00000000AD01}57966688C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694365Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.832{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12111|C:\Windows\SYSTEM32\psmserviceexthost.dll+170a8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694364Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.832{05ADC7E1-1E7A-603D-D07D-00000000AD01}57966688C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694363Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.832{05ADC7E1-1E7A-603D-D07D-00000000AD01}57961296C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+57c95|C:\Windows\System32\TwinUI.dll+37528|C:\Windows\System32\TwinUI.dll+37448|C:\Windows\System32\TwinUI.dll+38893|C:\Windows\System32\TwinUI.dll+36e6d|C:\Windows\System32\TwinUI.dll+36c71|C:\Windows\System32\TwinUI.dll+3fb990|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+27e9|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0 10341000x80000000000000001694362Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.832{05ADC7E1-1E7A-603D-D07D-00000000AD01}57961296C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+57c95|C:\Windows\System32\TwinUI.dll+37590|C:\Windows\System32\TwinUI.dll+37435|C:\Windows\System32\TwinUI.dll+38893|C:\Windows\System32\TwinUI.dll+36e6d|C:\Windows\System32\TwinUI.dll+36c71|C:\Windows\System32\TwinUI.dll+3fb990|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+27e9|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0 23542300x80000000000000001694361Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.582{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E8583D04636BFB72ECE891E2872D2267,SHA256=E195171C6E9A289BFE46D69BCC2C55C5BF30D39EA78CD960A3133B5749976171,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001694360Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.395{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9A5B988DCA45E22E2C1F11A3FEFEC3AD,SHA256=E176D83997B82BBB5974167548AA5AABC74E99DD64E4B826EF1FE7CB24C271C4,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001694359Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:46.455{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55107-false10.0.1.12-8000- 354300x80000000000000001694358Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:45.548{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1win-dc-974.attackrange.local53domainfalse127.0.0.1win-dc-974.attackrange.local51672- 23542300x80000000000000001694531Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.947{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=212F24106D2E71B435038C82B7917973,SHA256=0F17D4005C8E0CF5D3D01E3BAA3C4D3C452390A35DE20A6A16AF34D7F43F34EE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001694530Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.770{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1528d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001694529Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.770{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694528Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.770{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694527Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.770{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11b6c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694526Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.770{05ADC7E1-29F2-6039-CB05-00000000AD01}42802000C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+17f26|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a752|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a87f|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a26c|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694525Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.770{05ADC7E1-29F2-6039-CB05-00000000AD01}42802000C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694524Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.770{05ADC7E1-29F2-6039-CB05-00000000AD01}42802000C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694523Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.770{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694522Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.770{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694521Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.770{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694520Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.770{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 23542300x80000000000000001694519Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.770{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8296C2EE59085A078DE86A889A88CB5,SHA256=C997AE9E69E9421C4AA6A17B7F578DE61B612A04D70116995E2B3894B07E9B0E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001694518Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.770{05ADC7E1-29F2-6039-CB05-00000000AD01}42802624C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+26297|C:\Windows\system32\windows.cortana.Desktop.dll+214fb|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694517Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.770{05ADC7E1-29F2-6039-CB05-00000000AD01}42802624C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+21491|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694516Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.741{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12111|C:\Windows\SYSTEM32\psmserviceexthost.dll+170a8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694515Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.740{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968500C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694514Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.740{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968500C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694513Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.676{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1528d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001694512Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.676{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694511Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.676{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694510Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.676{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11b6c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694509Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.676{05ADC7E1-29F2-6039-CB05-00000000AD01}42802624C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+17f26|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a752|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a87f|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a26c|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694508Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.652{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694507Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.652{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694506Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.652{05ADC7E1-29F2-6039-CB05-00000000AD01}42802624C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694505Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.652{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694504Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.652{05ADC7E1-29F2-6039-CB05-00000000AD01}42802624C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694503Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.652{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694502Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.652{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+26297|C:\Windows\system32\windows.cortana.Desktop.dll+214fb|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694501Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.652{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+21491|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 23542300x80000000000000001694500Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.647{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9CE29F91211066F0B9F646FB15974DE6,SHA256=D2A5A1F9E7200B09D4A6FAE4308888C03A5560ED3BC10BB4E1814F7EAB995450,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001694499Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.645{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1528d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001694498Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.629{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694497Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.629{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694496Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.629{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11b6c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694495Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.629{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+17f26|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a752|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a87f|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a26c|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694494Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.629{05ADC7E1-29F2-6039-CB05-00000000AD01}42802624C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694493Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.629{05ADC7E1-29F2-6039-CB05-00000000AD01}42802624C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694492Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.629{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694491Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.629{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694490Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.629{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694489Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.629{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694488Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.629{05ADC7E1-29F2-6039-CB05-00000000AD01}42802000C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+26297|C:\Windows\system32\windows.cortana.Desktop.dll+214fb|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694487Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.629{05ADC7E1-29F2-6039-CB05-00000000AD01}42802000C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+21491|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 23542300x80000000000000001694486Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.613{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3821BB4E0AE5EE3D90AFF1E3C4DEF2F0,SHA256=E299164F8F3C6B66D9388C0E678F5C28165FC3D6205DF5B28EF5AFFF70DA7DC3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001694485Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.567{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1528d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001694484Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.567{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694483Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.567{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694482Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.567{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11b6c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694481Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.567{05ADC7E1-29F2-6039-CB05-00000000AD01}42802000C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+17f26|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a752|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a87f|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a26c|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694480Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.552{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694479Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.552{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694478Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.552{05ADC7E1-29F2-6039-CB05-00000000AD01}42802000C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694477Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.552{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694476Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.552{05ADC7E1-29F2-6039-CB05-00000000AD01}42802000C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694475Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.552{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694474Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.552{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+26297|C:\Windows\system32\windows.cortana.Desktop.dll+214fb|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694473Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.552{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+21491|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694472Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.460{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1528d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+9a0e|C:\Windows\SYSTEM32\ntdll.dll+80974 10341000x80000000000000001694471Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.460{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+9a0e|C:\Windows\SYSTEM32\ntdll.dll+80974|C:\Windows\SYSTEM32\ntdll.dll+1e892 10341000x80000000000000001694470Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.460{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+9a0e|C:\Windows\SYSTEM32\ntdll.dll+80974|C:\Windows\SYSTEM32\ntdll.dll+1e892 10341000x80000000000000001694469Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.460{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11b6c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+9a0e|C:\Windows\SYSTEM32\ntdll.dll+80974|C:\Windows\SYSTEM32\ntdll.dll+1e892|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001694468Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.460{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+17f26|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a752|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a87f|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a26c|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694467Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.452{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694466Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.452{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694465Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.452{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694464Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.452{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694463Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.452{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694462Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.452{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694461Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.452{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+26297|C:\Windows\system32\windows.cortana.Desktop.dll+214fb|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694460Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.452{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+21491|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694459Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.410{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1528d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001694458Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.410{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694457Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.410{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694456Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.410{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11b6c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694455Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.410{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+17f26|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a752|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a87f|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a26c|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694454Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.410{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694453Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.410{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694452Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.410{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694451Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.410{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694450Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.410{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694449Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.410{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694448Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.410{05ADC7E1-29F2-6039-CB05-00000000AD01}4280748C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+26297|C:\Windows\system32\windows.cortana.Desktop.dll+214fb|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694447Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.410{05ADC7E1-29F2-6039-CB05-00000000AD01}4280748C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+21491|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 23542300x80000000000000001694446Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.352{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752ATTACKRANGE\AdministratorC:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SWZP0EDD\microsoft.windows[1].xmlMD5=85142F70B356DF812313DA984ADD8291,SHA256=8D355EBAE67DA28E1F01E13A3A640109833D784A21B81BA94684B84FEC4D9809,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001694445Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.352{05ADC7E1-1E7A-603D-D07D-00000000AD01}57961296C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+27e9|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x80000000000000001694444Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.352{05ADC7E1-1E7A-603D-D07D-00000000AD01}57961296C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+27e9|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x80000000000000001694443Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.349{05ADC7E1-29F2-6039-CB05-00000000AD01}4280748C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694442Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.349{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694441Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.348{05ADC7E1-29F2-6039-CB05-00000000AD01}4280748C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694440Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.348{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694439Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.348{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694438Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.348{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694437Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.348{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+26297|C:\Windows\system32\windows.cortana.Desktop.dll+214fb|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694436Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.332{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+21491|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694435Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.332{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968500C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694434Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.332{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968500C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 23542300x80000000000000001694433Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.332{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752ATTACKRANGE\AdministratorC:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SWZP0EDD\microsoft.windows[1].xmlMD5=74EEFBEF5052441007A9B3EE92013D48,SHA256=88AAFE601CFE35EF879170FF47AB0AFD775E38847B114C3DD008C8F0C695F2FE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001694432Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.332{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694431Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.332{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694430Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.332{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\System32\execmodelclient.dll+8e62|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001694429Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.332{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\System32\execmodelclient.dll+8d5e|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001694428Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.332{05ADC7E1-1E7A-603D-D07D-00000000AD01}57962480C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694427Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.332{05ADC7E1-1E7A-603D-D07D-00000000AD01}57962480C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694426Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.332{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968500C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694425Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.332{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968500C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 23542300x80000000000000001695102Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.629{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A378CACD6CD7696AE63722AFF4A2170E,SHA256=B4C570A6F39109411492AC5D49D20B03B8C80F4AF329A36A91C44AA4AF358223,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695101Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.452{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3DB733B57A2764C9A140414BD525A8F3,SHA256=4FBCF6C1848A69C314A247EC751CD037FEAFF07807FCD797769371A47AE8AF87,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695100Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.301{05ADC7E1-229D-6039-0B00-00000000AD01}8524060C:\Windows\system32\lsass.exe{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695099Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.301{05ADC7E1-229D-6039-0B00-00000000AD01}8524060C:\Windows\system32\lsass.exe{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 17141700x80000000000000001695098Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-CreatePipe2021-03-01 22:52:57.270{05ADC7E1-7049-603D-4188-00000000AD01}5784\PSHost.132591127770323264.5784.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x80000000000000001695097Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.270{05ADC7E1-7049-603D-4188-00000000AD01}5784ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_y1gqwr1h.z1v.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695096Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.270{05ADC7E1-7049-603D-4188-00000000AD01}5784ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_4ugnkebm.udi.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695095Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695094Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695093Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695092Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695091Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695090Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695089Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695088Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695087Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695086Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695085Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695084Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695083Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695082Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695081Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695080Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695079Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695078Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695077Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695076Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695075Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695074Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695073Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695072Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695071Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695070Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695069Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695068Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695067Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695066Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695065Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695064Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695063Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695062Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695061Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695060Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695059Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695058Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695057Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695056Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695055Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695054Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695053Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695052Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695051Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695050Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695049Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695048Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695047Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695046Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695045Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695044Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695043Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695042Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695041Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695040Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695039Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695038Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695037Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695036Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695035Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695034Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695033Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695032Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695031Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695030Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695029Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695028Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695027Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695026Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695025Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695024Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695023Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695022Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695021Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695020Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695019Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695018Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695017Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695016Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695015Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695014Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695013Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695012Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695011Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695010Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695009Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695008Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695007Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695006Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695005Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695004Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695003Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695002Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 11241100x80000000000000001695001Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_4ugnkebm.udi.ps12021-03-01 22:52:57.207 10341000x80000000000000001695000Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001694999Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001694998Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001694997Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001694996Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001694995Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001694994Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694993Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694992Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694991Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694990Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694989Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694988Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694987Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694986Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694985Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694984Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694983Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694982Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694981Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694980Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694979Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694978Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694977Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694976Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694975Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694974Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694973Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694972Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694971Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694970Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694969Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694968Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694967Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694966Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694965Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694964Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694963Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694962Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694961Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694960Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694959Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694958Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694957Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694956Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694955Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694954Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694953Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694952Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694951Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694950Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694949Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694948Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694947Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694946Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694945Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694944Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694943Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694942Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694941Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694940Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694939Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694938Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694937Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694936Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694935Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694934Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694933Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694932Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694931Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694930Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694929Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694928Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694927Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694926Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694925Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694924Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694923Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694922Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694921Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694920Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694919Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694918Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694917Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694916Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694915Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694914Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694913Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694912Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694911Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694910Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694909Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694908Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694907Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694906Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694905Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694904Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694903Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694902Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694901Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694900Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694899Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694898Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694897Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694896Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694895Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694894Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694893Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694892Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694891Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694890Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694889Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694888Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694887Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694886Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694885Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694884Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694883Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694882Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694881Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694880Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694879Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694878Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694877Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694876Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694875Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694874Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694873Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694872Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694871Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694870Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694869Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694868Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694867Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694866Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694865Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694864Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694863Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694862Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694861Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694860Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694859Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694858Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694857Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694856Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694855Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694854Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694853Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694852Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694851Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694850Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694849Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694848Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694847Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694846Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694845Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694844Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694843Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694842Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694841Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694840Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694839Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694838Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694837Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694836Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694835Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694834Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694833Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694832Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694831Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694830Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694829Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694828Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694827Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694826Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694825Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694824Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694823Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694822Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694821Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694820Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694819Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694818Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694817Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694816Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694815Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694814Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694813Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694812Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694811Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694810Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694809Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694808Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694807Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694806Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694805Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694804Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694803Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694802Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694801Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694800Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694799Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694798Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694797Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694796Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694795Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694794Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694793Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694792Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694791Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694790Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694789Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694788Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694787Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694786Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694785Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694784Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694783Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694782Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694781Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694780Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694779Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694778Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694777Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694776Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694775Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694774Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694773Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694772Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694771Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694770Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694769Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694768Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694767Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694766Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694765Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694764Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694763Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694762Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694761Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694760Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694759Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694758Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694757Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694756Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694755Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694754Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694753Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694752Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694751Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694750Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694749Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694748Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694747Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694746Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694745Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694744Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694743Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694742Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694741Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694740Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694739Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694738Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694737Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694736Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694735Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694734Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694733Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694732Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694731Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694730Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821